krasnika^

SOLVED
Suspected infected system

    18 posts in this topic


    Hello, could you tell me whether I have reason to worry? My keyboard and mouse stop responding at times, which makes me think the machine is infected. It runs slowly and occasionally gives me a blue screen. I am attaching the logs:

    DDS:

     

    DDS (Ver_2011-09-30.01) - NTFS_x86 
    Internet Explorer: 8.0.6001.18702
    Run by MONI at 14:35:59 on 2013-05-11
    Microsoft Windows XP Professional  5.1.2600.3.1251.359.1033.18.894.97 [GMT 3:00]
    .
    AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    ============== Running Processes ================
    .
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\PAStiSvc.exe
    C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
    C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TeamViewer\Version8\TeamViewer.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\TeamViewer\Version8\tv_w32.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    c:\program files\teamviewer\version8\TeamViewer_Desktop.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    C:\WINDOWS\system32\svchost.exe -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www1.delta-search.com/?affID=119529&babsrc=HP_ss&mntrId=5C83002268826863
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    uPolicies-Explorer: NoDriveAutoRun = dword:67108863
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    TCP: NameServer = 89.215.233.2 89.215.246.40
    TCP: Interfaces\{A48477B5-DFB6-4E66-93CA-3491DD09FD48} : DHCPNameServer = 89.215.233.2 89.215.246.40
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    SecurityProviders: SecurityProviders = msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll
    LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\26.0.1410.64\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\moni\application data\mozilla\firefox\profiles\5w3wuf8l.default\
    FF - plugin: c:\documents and settings\all users\application data\nexoneu\ngm\npNxGameeu.dll
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.tuvaro.hpOld0 - 
    FF - user.js: extensions.tuvaro.tlbrSrchUrl - hxxp://tuvaro.com/ws/?source=9e9471a2&tbp=main&toolbarid=base&u=5c8395d3000000000000002268826863&q=
    FF - user.js: extensions.tuvaro.id - 5c8395d3000000000000002268826863
    FF - user.js: extensions.tuvaro.appId - {2768469C-717B-401F-8532-C6D88BAE0339}
    FF - user.js: extensions.tuvaro.instlDay - 15812
    FF - user.js: extensions.tuvaro.vrsn - 1.8.17.1
    FF - user.js: extensions.tuvaro.vrsni - 1.8.17.1
    FF - user.js: extensions.tuvaro.vrsnTs - 1.8.17.114:03:46
    FF - user.js: extensions.tuvaro.prtnrId - tuvaro
    FF - user.js: extensions.tuvaro.prdct - tuvaro
    FF - user.js: extensions.tuvaro.aflt - orgnl
    FF - user.js: extensions.tuvaro.smplGrp - none
    FF - user.js: extensions.tuvaro.tlbrId - base
    FF - user.js: extensions.tuvaro.instlRef - 9e9471a2
    FF - user.js: extensions.tuvaro.dfltLng - 
    FF - user.js: extensions.tuvaro.excTlbr - false
    FF - user.js: extensions.tuvaro.ffxUnstlRst - false
    FF - user.js: extensions.tuvaro.admin - false
    FF - user.js: extensions.tuvaro.cam - 
    FF - user.js: extensions.tuvaro.autoRvrt - false
    FF - user.js: extensions.tuvaro.rvrt - false
    FF - user.js: extensions.tuvaro.hmpg - true
    FF - user.js: extensions.tuvaro.hmpgUrl - hxxp://tuvaro.com/ws/?source=9e9471a2&tbp=homepage&toolbarid=base&u=5c8395d3000000000000002268826863
    FF - user.js: extensions.tuvaro.dfltSrch - true
    FF - user.js: extensions.tuvaro.srchPrvdr - Tuvaro
    FF - user.js: extensions.tuvaro.kw_url - hxxp://tuvaro.com/ws/?source=9e9471a2&tbp=url&toolbarid=base&u=5c8395d3000000000000002268826863&q=
    FF - user.js: extensions.tuvaro.dnsErr - true
    FF - user.js: extensions.tuvaro.newTab - true
    FF - user.js: extensions.tuvaro.newTabUrl - chrome://tuvaro/content/new browser tab.html?source=9e9471a2&tbp=tab&u=5c8395d3000000000000002268826863
    FF - user.js: extensions.delta.tlbrSrchUrl - 
    FF - user.js: extensions.delta.id - 5c8395d3000000000000002268826863
    FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
    FF - user.js: extensions.delta.instlDay - 15812
    FF - user.js: extensions.delta.vrsn - 1.8.16.16
    FF - user.js: extensions.delta.vrsni - 1.8.16.16
    FF - user.js: extensions.delta.vrsnTs - 1.8.16.1614:06:01
    FF - user.js: extensions.delta.prtnrId - delta
    FF - user.js: extensions.delta.prdct - delta
    FF - user.js: extensions.delta.aflt - babsst
    FF - user.js: extensions.delta.smplGrp - none
    FF - user.js: extensions.delta.tlbrId - base
    FF - user.js: extensions.delta.instlRef - sst
    FF - user.js: extensions.delta.dfltLng - en
    FF - user.js: extensions.delta.excTlbr - false
    FF - user.js: extensions.delta.ffxUnstlRst - true
    FF - user.js: extensions.delta.admin - false
    FF - user.js: extensions.delta.autoRvrt - false
    FF - user.js: extensions.delta.rvrt - false
    FF - user.js: extensions.delta.newTab - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mv61xxmm;mv61xxmm;c:\windows\system32\drivers\mv61xxmm.sys [2012-7-12 13616]
    R0 mv64xxmm;mv64xxmm;c:\windows\system32\drivers\mv64xxmm.sys [2012-7-12 5632]
    R0 mvxxmm;mvxxmm;c:\windows\system32\drivers\mvxxmm.sys [2012-7-12 13616]
    R0 nvlegacy;nvlegacy;c:\windows\system32\drivers\nvlegacy.sys [2012-7-12 100736]
    R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2013-1-6 37352]
    R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2013-1-6 86752]
    R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2013-1-6 110816]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2013-1-6 84744]
    R2 TeamViewer8;TeamViewer 8;c:\program files\teamviewer\version8\TeamViewer_Service.exe [2013-3-5 3574624]
    R3 MonitorFunction;Driver for Monitor;c:\windows\system32\drivers\TVMonitor.sys [2013-2-3 13304]
    R3 PAC207;SoC PC-Camer@;c:\windows\system32\drivers\pfc027.sys [2005-2-24 162176]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2012-12-8 279680]
    S2 gupdate;Услуга на Google Актуализация (gupdate);c:\program files\google\update\GoogleUpdate.exe [2013-1-12 116648]
    S3 gupdatem;Услуга на Google Актуализация (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2013-1-12 116648]
    S3 vtany;vtany;\??\c:\windows\vtany.sys --> c:\windows\vtany.sys [?]
    S3 xhunter1;xhunter1;\??\c:\windows\xhunter1.sys --> c:\windows\xhunter1.sys [?]
    S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-7-12 250808]
    S4 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]
    .
    =============== Created Last 30 ================
    .
    2013-04-18 13:37:10 -------- d-----w- c:\documents and settings\all users\application data\InterAction studios
    2013-04-17 15:58:18 -------- d-----w- c:\windows\system32\appmgmt
    2013-04-17 11:05:32 -------- d-----w- c:\documents and settings\moni\application data\Babylon
    2013-04-17 11:05:32 -------- d-----w- c:\documents and settings\all users\application data\Babylon
    2013-04-17 11:03:19 -------- d--h--w- c:\windows\system32\GroupPolicy
    2013-04-14 00:02:47 1072544 ----a-w- c:\windows\system32\nvdrsdb1.bin
    2013-04-14 00:02:47 1072544 ----a-w- c:\windows\system32\nvdrsdb0.bin
    2013-04-14 00:02:47 1 ----a-w- c:\windows\system32\nvdrssel.bin
    2013-04-14 00:02:08 -------- d-----w- c:\program files\NVIDIA Corporation
    2013-04-11 19:20:18 26520 ----a-w- c:\program files\mozilla firefox\plugin-hang-ui.exe
    2013-04-11 19:20:01 96664 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe
    2013-04-11 19:20:01 19352 ----a-w- c:\program files\mozilla firefox\xpcom.dll
    2013-04-11 19:20:01 18581400 ----a-w- c:\program files\mozilla firefox\xul.dll
    2013-04-11 19:20:00 92056 ----a-w- c:\program files\mozilla firefox\smime3.dll
    2013-04-11 19:20:00 867000 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe
    2013-04-11 19:20:00 272280 ----a-w- c:\program files\mozilla firefox\updater.exe
    2013-04-11 19:20:00 170232 ----a-w- c:\program files\mozilla firefox\webapp-uninstaller.exe
    2013-04-11 19:20:00 157080 ----a-w- c:\program files\mozilla firefox\ssl3.dll
    2013-04-11 19:20:00 152472 ----a-w- c:\program files\mozilla firefox\softokn3.dll
    .
    ==================== Find3M  ====================
    .
    2013-03-27 15:22:35 84744 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2013-03-27 15:22:35 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
    2013-03-08 08:35:47 293376 ----a-w- c:\windows\system32\winsrv.dll
    2013-03-07 03:23:36 2070016 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-03-07 01:31:48 2193536 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-03-02 02:05:19 920064 ----a-w- c:\windows\system32\wininet.dll
    2013-03-02 02:05:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2013-03-02 02:05:18 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2013-03-02 01:31:30 1876224 ----a-w- c:\windows\system32\win32k.sys
    2013-03-02 01:08:57 385024 ----a-w- c:\windows\system32\html.iec
    2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
    .
    ============= FINISH: 14:37:09,76 ===============
     
    Attach:
     
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-09-30.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 07.5.2005 г. 18:24:05
    System Uptime: 11.5.2013 г. 12:55:05 (2 hours ago)
    .
    Motherboard: FOXCONN |  | M61PMV
    Processor: AMD Sempron Processor LE-1200 | AMD Sempron Processor LE-1200 | 2109/201mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 68 GiB total, 59,224 GiB free.
    D: is FIXED (NTFS) - 165 GiB total, 146,672 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    µTorrent
    Пакет за езиков интерфейс на Windows
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.5.0 - Bulgarian
    Avira Free Antivirus
    CCleaner
    Chicken Invaders 3 Free Trial
    Compatibility Pack for the 2007 Office system
    Dekaron
    Diner Dash - Hometown Hero
    Google Chrome
    Google Update Helper
    K-Lite Codec Pack 8.4.0 (Standard)
    Microsoft Office 2003 Bulgarian User Interface Pack
    Microsoft Office File Validation Add-In
    Microsoft Office Professional Edition 2003
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
    Mozilla Firefox 20.0.1 (x86 bg)
    MSXML 4.0 SP3 Parser (KB2758694)
    Nero 7 Micro
    NVIDIA Drivers
    OnScreenKeys 5.0.48
    PC Camer@
    Platform
    REALTEK GbE & FE Ethernet PCI NIC Driver
    Realtek High Definition Audio Driver
    Security Update for Windows Internet Explorer 8 (KB2744842)
    Security Update for Windows Internet Explorer 8 (KB2761465)
    Security Update for Windows Internet Explorer 8 (KB2792100)
    Security Update for Windows Internet Explorer 8 (KB2797052)
    Security Update for Windows Internet Explorer 8 (KB2799329)
    Security Update for Windows Internet Explorer 8 (KB2809289)
    Security Update for Windows Internet Explorer 8 (KB2817183)
    Security Update for Windows XP (KB2808735)
    Security Update for Windows XP (KB2813170)
    Security Update for Windows XP (KB2820917)
    Skype™ 6.3
    TeamViewer 8
    The KMPlayer (remove only)
    VIA
    WebFldrs XP
    Winamp
    WinRAR 4.01 (32-битова версия)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    07.5.2013 г. 13:16:53, error: Service Control Manager [7031]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
    07.5.2013 г. 13:16:53, error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for FailureActions with the following error:  Access is denied.
    07.5.2013 г. 13:16:53, error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for FailureActions with the following error:  Access is denied.
    .
    ==== End Of File ===========================
     

    Thank you :)
    Hello,

    Sorry for the delay.

    Could you archive the files from the folder C:\Windows\minidump and upload them to a host of your choice?

    Post the download link in your next post.

    Regards!
    Hi, here is a link to the archive: http://dox.bg/files/dw?a=7813a0da6a
    Hello,

    I reviewed the dump files and all of them are caused by the VIA audio driver:

    Probably caused by : viahduaa.sys ( viahduaa+19e60 )

    Let's see what your hardware configuration is so that we can update the driver to its latest version.

    Download the program HWiNFO32.

    After successful installation and launch, the following window will appear:
    [posted image]

    Click Run.

    Wait patiently. Then choose Save Report and the HTML format and click Browse.

    Point to your desktop and click Next.

    The Report Filter will appear; choose Finish.

    [posted image]

    An HTML file named "User Name" will appear on the desktop, where "User Name" is the name of your computer (for example, the file in the screenshot is named HOLLER-PC.HTM). Upload the file here and post the download link in your next post.


    One of the dumps is caused by the following:

    Probably caused by : memory_corruption

    To test the RAM you can try Memtest86+ 4.20.
    Extract the archive and burn the ISO file, with BurnAware for example, using the Burn Image option, to get a bootable disc.

    [posted image]
    Then, in the BIOS, set the CD/DVD drive as the first boot device and run the RAM check.
    If the test is successful, there should be no errors:

    [posted image]

    To be completely sure that the RAM is OK, it is best to leave the test running overnight for at least 8-10 hours and, even better, to take out all the modules, leave only one in, and test them one by one.
    If errors are found, you will see them on a red background, similar to these:
    [posted image]

    Here is the link from step 1: http://file.bg/c233164FmVLa

    Hello,

    I wonder whether you could simply run on the Realtek audio driver alone, because you have two drivers:

    Realtek HDA Audio Drive
    VIA HDA Audio Drive

    The drivers on the Foxconn site are quite old, from 2009.

    On the VIA site I found two for your codec: VIA VT1708B CE

    An older but certified version - 10.005D Dated: 25-Jul-2012

    and a newer version (not certified, but that is unlikely to be a problem) - 10.1200A Dated: 7-Nov-2012

    Try both and see whether the blue screens disappear. If possible, update the other drivers as well (but preferably without using additional software, because such tools often download the wrong drivers for a given configuration).

    Still, test the RAM as well and then write back how things are.

    Also, let's clean up some adware and check for active nasties:

    STEP 1

    Download and run AdwCleaner (by Xplode).

    • Close all running programs and browsers.
    • Double-click adwcleaner.exe to start the tool.
    • This time select Delete.
    • Your computer will restart automatically. The text file will open after the restart.
    • Please post the contents of this log in your reply.
    • You can find the log, which is saved automatically, here: C:\AdwCleaner[s1].txt.

    STEP 2

    Please download Junkware Removal Tool to your desktop.

    • Temporarily disable your protection programs.
    • Run the tool JRT.exe.
    • A DOS window will open. Press any key on the keyboard.
    • Close unneeded applications and all browsers and wait for the scan to finish.
    • A log file will appear (you can also find it manually on the desktop under the name JRT.txt).
    • Please copy the contents of the log file into your next post.

    STEP 3

    Download Malwarebytes' Anti-Malware

    • Double-click mbam-setup.exe to install the program.
    • Make sure that Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are checked. Then click Finish.
    • If updates are found, it will download and install them.
    • Start the program and select "Perform Quick Scan", then click Scan.
    • The scan will take some time, so please be patient.
    • When the scan finishes, click OK, then Show Results to see the result.
    • Make sure all rows are checked and click Remove Selected.
    • When everything has been removed, a log will open in Notepad.
    • Attach this log to your next comment in the thread.

    Note: If MalwareBytes' Anti-Malware has difficulty removing the detected viruses/threats, it will ask to restart your computer and remove the problematic viruses/threats during the restart. If you are asked, confirm that you want your computer to be restarted.

    STEP 4

    1) Download: ESET Online Scanner
    2) Run esetsmartinstaller_enu.exe
    3) Check YES, I accept the Terms of Use and select Start
    4) The scanner will start downloading the components it needs.
    5) Make sure the following rows are checked, including those in the Advanced Settings menu:

    • Scan archives
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology

    Make sure that Remove found threats is not checked!

    Finally, select Start

    6) The scanner will start downloading the latest definitions.
    7) After the scan finishes, select Finish.
    8) Go to: C:\Program Files\ESET\ESET Online Scanner.

    9) Attach the log file named log.txt to your next post.

    STEP 5

    Download Security Check by screen317 from this link and save it to your desktop.

    • Double-click SecurityCheck.exe and follow the instructions.
    • At the end, a text document named checkup.txt will open automatically; please attach it to your next comment in this thread.

    Hello, here are the results:

    P.S. The screenshot is too large to upload here, so I am giving you a link:

    http://dox.bg/files/dw?a=a70a18da55

    AdwCleanerS2.txt

    checkup.txt

    JRT.txt

    log.txt

    The MBAM log is missing, and unfortunately the ESET screenshot is of no use because the files have encrypted names, but since you do not keep the log (as you wrote to me by PM), there is nothing we can do to see what the program deleted after the first run. The second ESET log is clean.

    How are things now - did you update the audio drivers, and do the problems for which you opened the thread persist?

    I am attaching the missing log. A new problem with the audio drivers has appeared - after installing the new driver (the one without the certificate) it does not let me plug the microphone into the front panel. The machine behaves better. Just to ask: should I remove the tools we used? And what should I do with the files in quarantine? Thank you.

    mbam-log-2013-04-06 (11-36-38).txt

    Hello, the files of Eset Online Scanner and the folder in which they are installed remained after the uninstallation you specified, as did the program's quarantine. The computer is much "snappier", if I may put it that way. We dealt with the drivers successfully, and everything is fine now. So far there are no blue screens, and there will hardly be any more problems after your intervention, for which I thank you :wors: . The problems are solved. Just tell me how to remove the Eset Online Scanner program safely. Regards and have a good day :)

    It seems I jumped to conclusions about the blue screens. Today one appeared again; here is the error code: 0x000000D1(0xEB0F6E60,0x00000002,0x00000008,0xEB0F6E60). Could you tell me what might be causing it? On restarting the system and trying to close the Microsoft error report, it gives a blue screen again with this code: 0x000000d1(0xEB161E60,0x00000002,0x00000000,0xEB161E60).

    Most likely the cause is a driver - and perhaps again the VIA one.

    DRIVER_IRQL_NOT_LESS_OR_EQUAL

    Check whether there is a new dmp file in the folder C:\Windows\minidump and, if there is, archive it.

    If it again turns out to be due to the VIA driver, install the latest version without the certificate and try working without the microphone, or try running entirely on the Realtek drivers alone. Since you are helping via TeamViewer, you have no way to test the RAM remotely either - but when you have physical access to the computer, test the RAM modules one by one with Memtest, as I wrote above.

    Also:

    Download Autoruns and:

    • Start the program;
    • Select Options => Filter Options => check Verify Code Signature and Hide Microsoft Entries;
    • From the menu File -> Refresh;
    • From the menu File -> Save...;
    • Save the file somewhere under a name of your choice (in arn format), archive it with a program of your choice and attach it to the thread.

    PS: You can also delete the ESET leftovers manually.
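
The two stop codes quoted above can be read by hand before any dump is opened. This added example (not part of the original thread) parses them, decodes the four 0xD1 parameters, and checks whether each faulting address is consistent with the `viahduaa+19e60` offset reported from the earlier dumps; the function names are hypothetical, and the page-alignment check is a heuristic assumption, not proof of which module faulted.

```python
import re
from dataclasses import dataclass

# Stop code seen in this thread and the name quoted for it in the reply.
BUGCHECK_NAMES = {0xD1: "DRIVER_IRQL_NOT_LESS_OR_EQUAL"}

# Parameter 3 of stop 0xD1, per Microsoft's bug check reference.
D1_ACCESS = {0: "read", 1: "write", 2: "execute", 8: "execute"}

PAGE_SIZE = 0x1000  # kernel driver images are mapped at page-aligned bases

# Text copied from the user's post (the only input this example uses).
THREAD_TEXT = (
    "0x000000D1(0xEB0F6E60,0x00000002,0x00000008,0xEB0F6E60) "
    "0x000000d1(0xEB161E60,0x00000002,0x00000000,0xEB161E60)"
)
# Offset from the earlier analysis line "viahduaa.sys ( viahduaa+19e60 )".
VIA_OFFSET = 0x19E60

HEX = r"(0x[0-9a-f]{1,8})"
STOP_RE = re.compile(
    r"0x([0-9a-f]{1,8})\s*\(\s*" + r"\s*,\s*".join([HEX] * 4) + r"\s*\)",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class StopCode:
    code: int
    params: tuple

    @property
    def name(self):
        return BUGCHECK_NAMES.get(self.code, "UNKNOWN_0x%08X" % self.code)


def parse_stop_codes(text):
    """Return every 'code(p1,p2,p3,p4)' stop line found in text."""
    stops = []
    for m in STOP_RE.finditer(text):
        code = int(m.group(1), 16)
        params = tuple(int(m.group(i), 16) for i in range(2, 6))
        stops.append(StopCode(code, params))
    return stops


def describe_d1(stop):
    """Decode the four parameters of a 0xD1 stop."""
    if stop.code != 0xD1:
        raise ValueError("not a 0xD1 stop code")
    referenced, irql, access, referencing = stop.params
    kind = D1_ACCESS.get(access, "unknown")
    return {
        "referenced_address": referenced,   # memory that was touched
        "irql": irql,                       # IRQL at the time (2 = DISPATCH_LEVEL)
        "access": kind,
        "referencing_address": referencing, # instruction that touched it
        # Same address in P1 and P4 with an execute access: the driver tried
        # to run code that was not resident (paged out or unloaded).
        "executing_nonresident_code": kind == "execute"
        and referenced == referencing,
    }


def implied_image_base(address, offset):
    """If address is module+offset, the module base must be page-aligned.

    Returns the implied base, or None when the pair cannot belong together.
    """
    if address < offset:
        return None
    base = address - offset
    return base if base % PAGE_SIZE == 0 else None


if __name__ == "__main__":
    for stop in parse_stop_codes(THREAD_TEXT):
        info = describe_d1(stop)
        base = implied_image_base(info["referencing_address"], VIA_OFFSET)
        print(stop.name, info["access"], "IRQL", info["irql"],
              "implied base:", hex(base) if base is not None else "no match")
```

Both crashes land on an address that is a page-aligned base plus 0x19e60, at two different load addresses, which is what the same driver routine faulting across two boots would look like.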

    We installed the manufacturer's driver (the one the motherboard was bought with) and for now there is sound. There are new dump files, which I am attaching to the thread, as well as the result from the program you requested. Regards :) http://dox.bg/files/dw?a=b5f4cf62a5 - Minidump

    http://dox.bg/files/dw?a=46a1d5d226 Autoruns - result

    The bad thing is that the driver from the manufacturer's site that I gave you is quite old, and perhaps you were even on the same version that was causing the problem.

    According to the dump files, the culprit is again the VIA driver - viahduaa.sys.

    There are 2 options.

    1. Uninstall it and use only the Realtek one.

    2. Install the certified version, which is newer than the one on the Foxconn site but older than the uncertified version from the VIA site.

    At least you know where the problem is! :)

    As for Autoruns, you can clear the following checkboxes (do not delete the entries, just uncheck them):

    Adobe ARM

    HDAudDeck

    Then close the program.

    Delete the tools we used. I am marking the case as solved... as for the VIA driver, if this does not help I cannot think of another adequate solution...

    Regards!

    With a huge delay, for which I apologize very much, I would like to let you know that the state of the system is very good. We had to reinstall the whole computer with a full format and repartitioning of the hard disk, after which I ran the RAM test (as you advised - all night); the result is that there are no memory errors, and for the moment it works well, with no blue screens :)  Once again, thank you for the help and the effort :)

    Still, the cause was and remains the Realtek drivers... so keep that in mind! :)

    :)  that is exactly why this time I installed everything without them :)
        HKLM\...\Run: [ZAM] => C:\Program Files\Zemana AntiMalware\ZAM.exe [14080240 2017-01-07] (Zemana Ltd.)
        HKLM Group Policy restriction on software: *.doc*.jse <====== ATTENTION
        HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
        HKLM Group Policy restriction on software: %allusersprofile%\*.cmd <====== ATTENTION
        HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\*.js <====== ATTENTION
        HKLM Group Policy restriction on software: *.wma*.bat <====== ATTENTION
        HKLM Group Policy restriction on software: C:\Documents and Settings\*.bat <====== ATTENTION
        HKLM Group Policy restriction on software: *.doc*.cmd <====== ATTENTION
        HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
        HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
        HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\*.exe <====== ATTENTION
        HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
        HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
        HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
        HKLM Group Policy restriction on software: %TEMP%\*.zip\ <====== ATTENTION
        HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.jse <====== ATTENTION
        HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
        HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
        HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
        HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.pif <====== ATTENTION
        HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.scr <====== ATTENTION
        HKLM Group Policy restriction on software: *.wav*.cmd <====== ATTENTION
        HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
        HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.cmd <====== ATTENTION
        HKLM Group Policy restriction on software: %userprofile%\Local Settings\Temp\rar*\*.com <====== ATTENTION
        HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
        HKLM Group Policy restriction on software: *.doc*.bat <====== ATTENTION
        HKLM Group Policy restriction on software: *.7z*.js <====== ATTENTION
        HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.exe <====== ATTENTION
        HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.pif <====== ATTENTION
        HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.pif <====== ATTENTION
        HKLM Group Policy restriction on software: *.docx*.cmd <====== ATTENTION
        HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.bat <====== ATTENTION
        HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
        HKLM Group Policy restriction on software: *.xlsx*.js <====== ATTENTION
        HKLM Group Policy restriction on software: *.txt*.bat <====== ATTENTION
        HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.exe <====== ATTENTION
        HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.cmd <====== ATTENTION
        HKLM Group Policy restriction on software: *.rar*.js <====== ATTENTION
        HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
        HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
        HKLM Group Policy restriction on software: %TEMP%\8z*\ <====== ATTENTION
        Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2009-07-29] (ATI Technologies Inc.)
        HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
        HKLM\...\Policies\Explorer: [NoResolveSearch] 1
        HKU\S-1-5-21-854245398-329068152-725345543-1003\...\Run: [AIDA64 AutoStart] => D:\Важни Програми\AIDA64 Extreme Edition\aida64extreme580\aida64.exe [19603408 2016-10-24] (FinalWire Ltd.)
        HKU\S-1-5-21-854245398-329068152-725345543-1003\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
        HKU\S-1-5-21-854245398-329068152-725345543-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
        HKU\S-1-5-21-854245398-329068152-725345543-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\yowindow.scr [859080 2016-12-04] (repkasoft)
        HKU\S-1-5-18\...\Run: [Google Update] => C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [116648 2014-02-08] (Google Inc.)
        ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Documents and Settings\doni\Local Settings\Application Data\MEGAsync\ShellExtX32.dll [2016-12-01] ()
        ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Documents and Settings\doni\Local Settings\Application Data\MEGAsync\ShellExtX32.dll [2016-12-01] ()
        ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Documents and Settings\doni\Local Settings\Application Data\MEGAsync\ShellExtX32.dll [2016-12-01] ()
        ShellIconOverlayIdentifiers: [  MailRuCloudIconOverlay0] -> {64A9418A-B6B1-4112-B75C-E61633C9A31F} => C:\DOCUME~1\doni\LOCALS~1\Temp\mcse32_00.dll -> No File
        ShellIconOverlayIdentifiers: [  MailRuCloudIconOverlay1] -> {6A2E142B-EA63-433A-AC05-5223CBD26E65} => C:\DOCUME~1\doni\LOCALS~1\Temp\mcse32_00.dll -> No File
        ShellIconOverlayIdentifiers: [  MailRuCloudIconOverlay2] -> {6AFCC535-2F12-4F50-9F0A-1CF856CFC95D} => C:\DOCUME~1\doni\LOCALS~1\Temp\mcse32_00.dll -> No File
        ShellIconOverlayIdentifiers: [ JottaExt1] -> {648B08C1-8BB1-46e1-8F8A-64EF3F28D417} => C:\Program Files\Jotta\jottaext64.dll [2016-12-12] ()
        ShellIconOverlayIdentifiers: [ JottaExt2] -> {648B08C2-8BB1-46e1-8F8A-64EF3F28D417} => C:\Program Files\Jotta\jottaext64.dll [2016-12-12] ()
        ShellIconOverlayIdentifiers: [ JottaExt3] -> {648B08C3-8BB1-46e1-8F8A-64EF3F28D417} => C:\Program Files\Jotta\jottaext64.dll [2016-12-12] ()
        Startup: C:\Documents and Settings\doni\Start Menu\Programs\Startup\YoWindow.lnk [2017-01-10]
        ShortcutTarget: YoWindow.lnk -> C:\Program Files\YoWindow\yowindow.exe (Repkasoft)
        GroupPolicy: Restriction ? <======= ATTENTION
        ==================== Internet (Whitelisted) ====================
        (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
        Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
        Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
        Tcpip\..\Interfaces\{C97B26C0-87E8-44A4-9564-5796CD042123}: [DhcpNameServer] 192.168.1.1
        Internet Explorer:
        ==================
        HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
        HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
        HKU\S-1-5-21-854245398-329068152-725345543-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
        HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
        HKU\S-1-5-21-854245398-329068152-725345543-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
        HKU\S-1-5-21-854245398-329068152-725345543-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
        SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
        SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
        SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
        SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
        SearchScopes: HKU\S-1-5-21-854245398-329068152-725345543-1003 -> {3A40E547-20FD-44a2-94D0-1C98342D1507} URL = hxxp://search.daum.net/search?nil_profile=ie&ref_code=ms&q={searchTerms}
        SearchScopes: HKU\S-1-5-21-854245398-329068152-725345543-1003 -> {AD43A510-0817-11DE-A4D6-59A755D89593} URL = hxxp://search.yahoo.com/search?ei=utf-8&fr=bfg&q={searchTerms}
        DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
        Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
        Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
        Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)
        Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
        Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
        Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} -  No File
        FireFox:
        ========
        FF DefaultProfile: k5gfurjn.default
        FF ProfilePath: C:\Documents and Settings\doni\Application Data\Mozilla\Firefox\Profiles\k5gfurjn.default [2017-01-11]
        FF Homepage: C:\Documents and Settings\doni\Application Data\Mozilla\Firefox\Profiles\k5gfurjn.default -> google.bg
        FF NetworkProxy: C:\Documents and Settings\doni\Application Data\Mozilla\Firefox\Profiles\k5gfurjn.default -> backup.ftp", ""
        FF NetworkProxy: C:\Documents and Settings\doni\Application Data\Mozilla\Firefox\Profiles\k5gfurjn.default -> backup.ftp_port", 0
        FF NetworkProxy: C:\Documents and Settings\doni\Application Data\Mozilla\Firefox\Profiles\k5gfurjn.default -> backup.socks", ""
        FF NetworkProxy: C:\Documents and Settings\doni\Application Data\Mozilla\Firefox\Profiles\k5gfurjn.default -> backup.socks_port", 0
        FF NetworkProxy: C:\Documents and Settings\doni\Application Data\Mozilla\Firefox\Profiles\k5gfurjn.default -> backup.ssl", ""
        FF NetworkProxy: C:\Documents and Settings\doni\Application Data\Mozilla\Firefox\Profiles\k5gfurjn.default -> backup.ssl_port", 0
        FF NetworkProxy: C:\Documents and Settings\doni\Application Data\Mozilla\Firefox\Profiles\k5gfurjn.default -> ftp", "127.0.0.1"
        FF NetworkProxy: C:\Documents and Settings\doni\Application Data\Mozilla\Firefox\Profiles\k5gfurjn.default -> ftp_port", 9050
        FF NetworkProxy: C:\Documents and Settings\doni\Application Data\Mozilla\Firefox\Profiles\k5gfurjn.default -> http", "127.0.0.1"
        FF NetworkProxy: C:\Documents and Settings\doni\Application Data\Mozilla\Firefox\Profiles\k5gfurjn.default -> http_port", 9050
        FF NetworkProxy: C:\Documents and Settings\doni\Application Data\Mozilla\Firefox\Profiles\k5gfurjn.default -> share_proxy_settings", true
        FF NetworkProxy: C:\Documents and Settings\doni\Application Data\Mozilla\Firefox\Profiles\k5gfurjn.default -> socks", "127.0.0.1"
        FF NetworkProxy: C:\Documents and Settings\doni\Application Data\Mozilla\Firefox\Profiles\k5gfurjn.default -> socks_port", 9050
        FF NetworkProxy: C:\Documents and Settings\doni\Application Data\Mozilla\Firefox\Profiles\k5gfurjn.default -> ssl", "127.0.0.1"
        FF NetworkProxy: C:\Documents and Settings\doni\Application Data\Mozilla\Firefox\Profiles\k5gfurjn.default -> ssl_port", 9050
        FF Extension: (Adguard AdBlocker) - C:\Documents and Settings\doni\Application Data\Mozilla\Firefox\Profiles\k5gfurjn.default\Extensions\adguardadblocker@adguard.com.xpi [2016-12-15]
        FF Extension: (Bloody Vikings!) - C:\Documents and Settings\doni\Application Data\Mozilla\Firefox\Profiles\k5gfurjn.default\Extensions\bloodyvikings@ffs.bplaced.net.xpi [2017-01-09]
        FF Extension: (MEGA) - C:\Documents and Settings\doni\Application Data\Mozilla\Firefox\Profiles\k5gfurjn.default\Extensions\firefox@mega.co.nz.xpi [2017-01-02]
        FF Extension: (Google™ Translator) - C:\Documents and Settings\doni\Application Data\Mozilla\Firefox\Profiles\k5gfurjn.default\Extensions\jid1-dgnIBwQga0SIBw@jetpack.xpi [2016-12-19]
        FF Extension: (S3.Google Translator) - C:\Documents and Settings\doni\Application Data\Mozilla\Firefox\Profiles\k5gfurjn.default\Extensions\s3google@translator.xpi [2016-12-15]
        FF Extension: (Video DownloadHelper) - C:\Documents and Settings\doni\Application Data\Mozilla\Firefox\Profiles\k5gfurjn.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-01-02]
        FF ProfilePath: C:\Documents and Settings\doni\Application Data\Moonchild Productions\Pale Moon\Profiles\p3bt4kaz.default [2017-01-11]
        FF DefaultSearchEngine: C:\Documents and Settings\doni\Application Data\Moonchild Productions\Pale Moon\Profiles\p3bt4kaz.default -> Google
        FF SelectedSearchEngine: C:\Documents and Settings\doni\Application Data\Moonchild Productions\Pale Moon\Profiles\p3bt4kaz.default -> Google
        FF Homepage: C:\Documents and Settings\doni\Application Data\Moonchild Productions\Pale Moon\Profiles\p3bt4kaz.default -> www.google.bg
        FF NetworkProxy: C:\Documents and Settings\doni\Application Data\Moonchild Productions\Pale Moon\Profiles\p3bt4kaz.default -> backup.ftp", "127.0.0.1"
        FF NetworkProxy: C:\Documents and Settings\doni\Application Data\Moonchild Productions\Pale Moon\Profiles\p3bt4kaz.default -> backup.ftp_port", 9050
        FF NetworkProxy: C:\Documents and Settings\doni\Application Data\Moonchild Productions\Pale Moon\Profiles\p3bt4kaz.default -> backup.socks", "127.0.0.1"
        FF NetworkProxy: C:\Documents and Settings\doni\Application Data\Moonchild Productions\Pale Moon\Profiles\p3bt4kaz.default -> backup.socks_port", 9050
        FF NetworkProxy: C:\Documents and Settings\doni\Application Data\Moonchild Productions\Pale Moon\Profiles\p3bt4kaz.default -> backup.ssl", "127.0.0.1"
        FF NetworkProxy: C:\Documents and Settings\doni\Application Data\Moonchild Productions\Pale Moon\Profiles\p3bt4kaz.default -> backup.ssl_port", 9050
        FF NetworkProxy: C:\Documents and Settings\doni\Application Data\Moonchild Productions\Pale Moon\Profiles\p3bt4kaz.default -> ftp", "127.0.0.1"
        FF NetworkProxy: C:\Documents and Settings\doni\Application Data\Moonchild Productions\Pale Moon\Profiles\p3bt4kaz.default -> ftp_port", 9050
        FF NetworkProxy: C:\Documents and Settings\doni\Application Data\Moonchild Productions\Pale Moon\Profiles\p3bt4kaz.default -> http", "127.0.0.1"
        FF NetworkProxy: C:\Documents and Settings\doni\Application Data\Moonchild Productions\Pale Moon\Profiles\p3bt4kaz.default -> http_port", 9050
        FF NetworkProxy: C:\Documents and Settings\doni\Application Data\Moonchild Productions\Pale Moon\Profiles\p3bt4kaz.default -> share_proxy_settings", true
        FF NetworkProxy: C:\Documents and Settings\doni\Application Data\Moonchild Productions\Pale Moon\Profiles\p3bt4kaz.default -> socks", "127.0.0.1"
        FF NetworkProxy: C:\Documents and Settings\doni\Application Data\Moonchild Productions\Pale Moon\Profiles\p3bt4kaz.default -> socks_port", 9050
        FF NetworkProxy: C:\Documents and Settings\doni\Application Data\Moonchild Productions\Pale Moon\Profiles\p3bt4kaz.default -> ssl", "127.0.0.1"
        FF NetworkProxy: C:\Documents and Settings\doni\Application Data\Moonchild Productions\Pale Moon\Profiles\p3bt4kaz.default -> ssl_port", 9050
        FF Extension: (Adguard AdBlocker (Legacy)) - C:\Documents and Settings\doni\Application Data\Moonchild Productions\Pale Moon\Profiles\p3bt4kaz.default\Extensions\adguardadblockerlegacy@adguard.com.xpi [2016-12-22] [not signed]
        FF Extension: (S3.Google Translator) - C:\Documents and Settings\doni\Application Data\Moonchild Productions\Pale Moon\Profiles\p3bt4kaz.default\Extensions\s3google@translator.xpi [2016-11-07]
        FF Extension: (1-Click YouTube Video Downloader) - C:\Documents and Settings\doni\Application Data\Moonchild Productions\Pale Moon\Profiles\p3bt4kaz.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2017-01-02]
        FF ProfilePath: C:\Documents and Settings\doni\Application Data\K-Meleon\puoi2cit.default [2017-01-11]
        FF user.js: detected! => C:\Documents and Settings\doni\Application Data\K-Meleon\puoi2cit.default\user.js [2006-04-06]
        FF Homepage: C:\Documents and Settings\doni\Application Data\K-Meleon\puoi2cit.default -> www.google.bg
        FF Extension: (NewsFox) - C:\Program Files\K-Meleon\browser\extensions\{899DF1F8-2F43-4394-8315-37F6744E6319}.xpi [2015-03-12] [not signed]
        FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
        FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2016-12-05] [not signed]
        FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_24_0_0_186.dll [2017-01-09] ()
        FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
        FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
        FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2008-11-13] (Microsoft Corp.)
        FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
        FF Plugin: @real.com/nppl3260;version=6.0.12.69 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll [2008-09-10] (RealNetworks, Inc.)
        FF Plugin: @real.com/nprpjplug;version=6.0.12.69 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll [2008-09-10] (RealNetworks, Inc.)
        FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
        FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
        FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
        FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
        FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
        FF Plugin HKU\.DEFAULT: @tools.google.com/Google Update;version=3 -> C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2014-02-08] (Google Inc.)
        FF Plugin HKU\.DEFAULT: @tools.google.com/Google Update;version=9 -> C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2014-02-08] (Google Inc.)
        FF Plugin HKU\S-1-5-21-854245398-329068152-725345543-1003: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\doni\Local Settings\Application Data\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
        FF Plugin HKU\S-1-5-21-854245398-329068152-725345543-1003: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\doni\Local Settings\Application Data\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
        ==================== Services (Whitelisted) ====================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2010-04-15] (Adobe Systems) [File not signed]
        R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2241992 2016-12-14] (ESET)
        S3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-03-11] (Hewlett-Packard Co.) [File not signed]
        R2 Jotta VSS Service; C:\Program Files\Jotta\vss\jVSS.exe [102592 2016-12-12] ()
        R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [155088 2016-12-14] (Malwarebytes Corporation)
        S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
        S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
        R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [270336 2001-02-23] (Microsoft Corporation) [File not signed]
        R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [69632 2004-09-29] (HP) [File not signed]
        R2 Unchecky; C:\Program Files\Unchecky\bin\unchecky_svc.exe [254232 2016-08-22] (RaMMicHaeL)
        R2 ZAMSvc; C:\Program Files\Zemana AntiMalware\ZAM.exe [14080240 2017-01-07] (Zemana Ltd.)
        ===================== Drivers (Whitelisted) ======================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        R0 3FFF8A946; C:\WINDOWS\System32\drivers\3FFF8A946.sys [153784 2016-11-24] (Kaspersky Lab ZAO)
        R1 AFS2K; C:\WINDOWS\system32\Drivers\AFS2K.sys [82380 2011-12-28] (Oak Technology Inc.) [File not signed]
        R3 AIDA64Driver; C:\Documents and Settings\doni\Local Settings\Temp\AIDA64Driver.sys [44176 2016-10-24] ()
        S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
        R3 avfwim; C:\WINDOWS\System32\DRIVERS\avfwim.sys [92448 2013-01-22] (Avira GmbH)
        S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
        R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [113544 2016-12-13] (ESET)
        R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [140984 2016-12-13] (ESET)
        R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [31088 2010-12-17] (Elaborate Bytes AG)
        R1 epfwtdir; C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [60992 2016-12-13] (ESET)
        R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [59968 2016-12-14] ()
        S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51120 2005-03-08] (HP)
        S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2005-03-08] (HP)
        S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21744 2005-03-08] (HP)
        R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
        S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
        S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
        R3 pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [47360 2010-04-06] (VSO Software) [File not signed]
        R3 RTHDMIAzAudService; C:\WINDOWS\System32\drivers\RtKHDMI.sys [3734976 2009-06-25] (Realtek Semiconductor Corp.)
        R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [691696 2010-03-17] () [File not signed]
        R3 VComm; C:\WINDOWS\System32\DRIVERS\VComm.sys [34448 2011-05-28] (IVT Corporation.)
        R1 ZAM; C:\WINDOWS\System32\drivers\zam32.sys [181496 2016-12-20] (Zemana Ltd.)
        R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard32.sys [181496 2016-12-20] (Zemana Ltd.)
        U3 a9fze76d; C:\WINDOWS\system32\Drivers\a9fze76d.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
        S3 BlueletAudio; system32\DRIVERS\blueletaudio.sys [X]
        S3 BlueletSCOAudio; system32\DRIVERS\BlueletSCOAudio.sys [X]
        S3 BT; system32\DRIVERS\btnetdrv.sys [X]
        S3 Btcsrusb; System32\Drivers\btcusb.sys [X]
        S3 BTHidEnum; system32\DRIVERS\vbtenum.sys [X]
        S0 BTHidMgr; System32\Drivers\BTHidMgr.sys [X]
        S3 gdrv; \??\C:\WINDOWS\gdrv.sys [X]
        S4 IntelIde; no ImagePath
        S3 JL2005C; System32\Drivers\jl2005c.sys [X]
        U5 P3; C:\Windows\System32\Drivers\P3.sys [42752 2008-04-14] (Microsoft Corporation)
        U0 Partizan; system32\drivers\Partizan.sys [X]
        U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
        U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]
        S3 VcommMgr; System32\Drivers\VcommMgr.sys [X]
        ==================== NetSvcs (Whitelisted) ===================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        NETSVC: SSHNAS -> no filepath.
        ==================== One Month Created files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2017-01-11 10:45 - 2017-01-11 10:45 - 00000000 ____D C:\Documents and Settings\doni\Local Settings\Application Data\Package Cache
        2017-01-11 08:00 - 2017-01-11 08:00 - 00000000 ____D C:\Program Files\Slimjet
        2017-01-11 08:00 - 2017-01-11 08:00 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\FlashPeak Slimjet
        2017-01-10 21:45 - 2017-01-10 22:04 - 00000000 ____D C:\Documents and Settings\doni\Application Data\YoWindow
        2017-01-10 21:45 - 2017-01-10 21:45 - 00000754 _____ C:\Documents and Settings\All Users\Desktop\YoWindow.lnk
        2017-01-10 21:45 - 2017-01-10 21:45 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\YoWindow
        2017-01-10 21:45 - 2017-01-10 21:45 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\YoWindow
        2017-01-10 21:44 - 2017-01-10 21:45 - 00000000 ____D C:\Program Files\YoWindow
        2017-01-09 12:11 - 2017-01-09 12:11 - 00000000 ____D C:\Documents and Settings\doni\Application Data\ESET
        2017-01-09 11:57 - 2017-01-09 11:57 - 00802904 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
        2017-01-09 11:57 - 2017-01-09 11:57 - 00144472 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
        2017-01-08 17:49 - 2017-01-08 17:49 - 00000000 ____D C:\Program Files\ESET
        2017-01-08 17:49 - 2017-01-08 17:49 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ESET
        2017-01-08 17:49 - 2017-01-08 17:49 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ESET
        2017-01-08 10:00 - 2017-01-08 10:00 - 00000000 ____D C:\Documents and Settings\doni\Local Settings\Application Data\GHISLER
        2017-01-08 09:59 - 2017-01-08 10:00 - 00000000 ____D C:\totalcmd
        2017-01-08 09:59 - 2017-01-08 09:59 - 00000548 _____ C:\Documents and Settings\doni\Desktop\Total Commander.lnk
        2017-01-08 09:59 - 2017-01-08 09:59 - 00000000 ____D C:\Documents and Settings\doni\Start Menu\Programs\Total Commander
        2017-01-08 09:59 - 2017-01-08 09:59 - 00000000 ____D C:\Documents and Settings\doni\Application Data\GHISLER
        2017-01-08 09:59 - 2016-12-14 09:00 - 00000545 _____ C:\WINDOWS\UC.PIF
        2017-01-08 09:59 - 2016-12-14 09:00 - 00000545 _____ C:\WINDOWS\RAR.PIF
        2017-01-08 09:59 - 2016-12-14 09:00 - 00000545 _____ C:\WINDOWS\PKZIP.PIF
        2017-01-08 09:59 - 2016-12-14 09:00 - 00000545 _____ C:\WINDOWS\PKUNZIP.PIF
        2017-01-08 09:59 - 2016-12-14 09:00 - 00000545 _____ C:\WINDOWS\LHA.PIF
        2017-01-08 09:59 - 2016-12-14 09:00 - 00000545 _____ C:\WINDOWS\ARJ.PIF
        2017-01-07 20:16 - 2017-01-07 20:16 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Zemana AntiMalware
        2017-01-02 12:52 - 2017-01-08 17:09 - 00000000 ____D C:\Documents and Settings\doni\Application Data\vlc
        2017-01-02 12:51 - 2017-01-02 12:51 - 00000000 ____D C:\Program Files\VideoLAN
        2016-12-31 16:34 - 2016-12-31 16:34 - 00011450 _____ C:\WINDOWS\system32\PARTIZAN.TXT
        2016-12-31 14:01 - 2016-12-31 16:40 - 00000000 ____D C:\Program Files\UnHackMe
        2016-12-31 14:01 - 2016-12-31 14:01 - 00000682 _____ C:\Documents and Settings\doni\Desktop\UnHackMe.lnk
        2016-12-31 14:01 - 2016-12-31 14:01 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\UnHackMe
        2016-12-31 14:01 - 2016-12-13 17:04 - 00015016 _____ (Greatis Software, LLC.) C:\WINDOWS\system32\Drivers\UnHackMeDrv.sys
        2016-12-31 13:52 - 2016-12-31 13:21 - 00001617 _____ C:\Documents and Settings\doni\Desktop\Shortcut to Zemana AntiMalware.lnk
        2016-12-29 17:03 - 2016-12-29 17:03 - 00000638 _____ C:\Documents and Settings\doni\Desktop\Jottacloud.lnk
        2016-12-29 17:03 - 2016-12-29 17:03 - 00000000 ____D C:\Documents and Settings\doni\Application Data\Jotta
        2016-12-29 17:03 - 2016-12-29 17:03 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Jottacloud
        2016-12-20 19:22 - 2016-12-20 19:22 - 00078063 _____ C:\Documents and Settings\doni\My Documents\gr1.JPG
        2016-12-20 11:20 - 2017-01-11 17:02 - 00042271 _____ C:\WINDOWS\ZAM.krnl.trace
        2016-12-20 11:20 - 2017-01-11 17:02 - 00019107 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
        2016-12-20 11:20 - 2017-01-07 20:16 - 00000000 ____D C:\Program Files\Zemana AntiMalware
        2016-12-20 11:20 - 2016-12-20 11:20 - 00181496 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard32.sys
        2016-12-20 11:20 - 2016-12-20 11:20 - 00181496 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam32.sys
        2016-12-20 11:20 - 2016-12-20 11:20 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Zemana
        2016-12-20 11:20 - 2016-12-20 11:20 - 00000000 ____D C:\Documents and Settings\doni\Local Settings\Application Data\Zemana
        2016-12-19 19:34 - 2017-01-03 10:28 - 00000000 ____D C:\Documents and Settings\doni\My Documents\Н
        2016-12-19 19:28 - 2016-12-19 19:33 - 00000000 ____D C:\Documents and Settings\doni\My Documents\AA
        2016-12-18 22:39 - 2016-12-20 14:44 - 00000000 ____D C:\Program Files\4shared Desktop
        2016-12-18 22:39 - 2016-12-18 22:41 - 00000000 ____D C:\Documents and Settings\doni\Application Data\4shared Desktop
        2016-12-18 22:39 - 2016-12-18 22:39 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\4shared Desktop
        2016-12-18 15:16 - 2016-12-18 15:16 - 00000000 ____D C:\Documents and Settings\doni\My Documents\NOD051216
        2016-12-13 19:34 - 2016-12-13 19:34 - 00000088 _____ C:\Documents and Settings\doni\My Documents\enablewsh.bat
        ==================== One Month Modified files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2017-01-11 17:02 - 2016-11-16 20:05 - 00000000 ____D C:\FRST
        2017-01-11 17:02 - 2016-04-09 10:34 - 00000000 ____D C:\Documents and Settings\doni\My Documents\Изтегляния
        2017-01-11 17:02 - 2010-03-11 04:44 - 00000000 ____D C:\Documents and Settings\doni\Local Settings\Temp
        2017-01-11 16:34 - 2010-05-06 20:27 - 00000986 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
        2017-01-11 16:24 - 2014-02-08 17:19 - 00001098 ____C C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job
        2017-01-11 16:09 - 2016-11-04 07:53 - 00001074 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-329068152-725345543-1003UA.job
        2017-01-11 15:00 - 2015-12-17 15:00 - 00000632 ____C C:\WINDOWS\Tasks\Auslogics BoostSpeed Scan and Repair.job
        2017-01-11 13:43 - 2014-11-30 22:25 - 00000000 ____D C:\AdwCleaner
        2017-01-11 12:13 - 2016-11-16 11:53 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes Anti-Exploit
        2017-01-11 11:09 - 2016-08-10 14:24 - 00000000 ____D C:\Documents and Settings\doni\My Documents\Загрузки
        2017-01-11 09:50 - 2010-03-11 06:28 - 00005096 ____C C:\WINDOWS\system32\PerfStringBackup.INI
        2017-01-11 09:46 - 2015-12-17 15:00 - 00000406 ____C C:\WINDOWS\Tasks\Auslogics BoostSpeed Start BoostSpeed оn doni logon.job
        2017-01-11 09:46 - 2012-09-14 20:40 - 00000982 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cd92a860a26e52.job
        2017-01-11 09:46 - 2010-03-11 04:43 - 00000006 ___HC C:\WINDOWS\Tasks\SA.DAT
        2017-01-11 08:17 - 2016-02-24 18:12 - 00032556 _____ C:\WINDOWS\SchedLgU.Txt
        2017-01-11 08:17 - 2010-03-11 04:44 - 00000278 __SHC C:\Documents and Settings\doni\ntuser.ini
        2017-01-11 07:59 - 2010-03-11 04:44 - 00000000 ____D C:\Documents and Settings\doni
        2017-01-10 21:18 - 2010-05-06 20:27 - 00000000 ____D C:\Documents and Settings\doni\Local Settings\Application Data\Temp
        2017-01-10 20:35 - 2015-03-27 20:14 - 00170200 ____C (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
        2017-01-09 17:24 - 2014-02-08 17:19 - 00001046 ____C C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job
        2017-01-09 11:57 - 2010-03-11 04:39 - 00000000 ____D C:\WINDOWS\system32\Macromed
        2017-01-08 23:19 - 2012-01-13 11:06 - 00000406 __RSH C:\Documents and Settings\All Users\ntuser.pol
        2017-01-08 23:19 - 2010-03-11 06:25 - 00000000 ____D C:\Documents and Settings\All Users
        2017-01-08 22:49 - 2010-03-17 21:49 - 00000000 ____D C:\Documents and Settings\doni\Application Data\Skype
        2017-01-08 17:36 - 2010-03-11 06:21 - 00000000 ____D C:\WINDOWS\inf
        2017-01-08 16:26 - 2015-06-17 09:43 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Unchecky
        2017-01-08 16:18 - 2010-12-14 22:26 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\TEMP
        2017-01-08 09:09 - 2016-11-04 07:53 - 00001022 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-329068152-725345543-1003Core.job
        2017-01-06 06:43 - 2001-08-23 13:00 - 00002206 ____C C:\WINDOWS\system32\wpa.dbl
        2017-01-03 19:37 - 2016-10-20 12:19 - 00000000 ____D C:\Program Files\Pale Moon
        2017-01-02 12:50 - 2010-04-18 13:54 - 00000202 ____C C:\WINDOWS\NeroDigital.ini
        2017-01-02 11:28 - 2016-11-09 16:07 - 00000000 ____D C:\Documents and Settings\doni\dwhelper
        2016-12-31 16:43 - 2015-03-28 08:11 - 00000000 ____D C:\Documents and Settings\doni\My Documents\RegRun2
        2016-12-31 16:42 - 2015-03-28 08:11 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\RegRun
        2016-12-31 14:06 - 2015-03-28 08:11 - 00000002 RSHOT C:\WINDOWS\winstart.bat
        2016-12-31 14:06 - 2010-03-11 06:28 - 00001688 ____C C:\WINDOWS\system32\AUTOEXEC.NT
        2016-12-31 14:06 - 2010-03-11 04:41 - 00002577 ____C C:\WINDOWS\system32\CONFIG.NT
        2016-12-29 17:06 - 2016-12-03 10:31 - 00000671 _____ C:\Jottacloud.lnk
        2016-12-29 17:06 - 2016-12-03 10:31 - 00000000 ___RD C:\Documents and Settings\doni\Jottacloud
        2016-12-29 17:03 - 2016-12-03 10:26 - 00000000 ____D C:\Program Files\Jotta
        2016-12-20 19:22 - 2010-03-11 04:44 - 00000000 ___RD C:\Documents and Settings\doni\My Documents
        2016-12-20 19:09 - 2016-10-05 16:19 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Package Cache
        2016-12-20 14:44 - 2010-03-11 06:21 - 00000000 ____D C:\WINDOWS\system32\Drivers\etc
        2016-12-20 11:20 - 2010-03-11 04:43 - 00000000 ___HD C:\Documents and Settings\LocalService\Local Settings\Application Data
        2016-12-19 19:30 - 2010-03-17 22:12 - 00040448 ____C C:\Documents and Settings\doni\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
        2016-12-18 20:34 - 2010-03-28 20:57 - 00000000 ____D C:\Documents and Settings\doni\Application Data\dvdcss
        2016-12-17 10:23 - 2016-11-17 22:00 - 00000000 ____D C:\Program Files\Hard Disk Sentinel
        2016-12-16 08:19 - 2015-01-29 21:42 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
        2016-12-16 00:55 - 2016-11-20 22:23 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Exploit
        2016-12-16 00:55 - 2016-11-16 11:53 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Exploit
        2016-12-15 18:20 - 2016-11-24 18:58 - 00000000 ____D C:\Program Files\Mozilla Firefox
        2016-12-14 21:23 - 2016-10-30 23:52 - 00000680 _____ C:\Documents and Settings\doni\Desktop\Shortcut to CCleaner.exe.lnk
        2016-12-13 17:11 - 2016-06-23 13:31 - 00140984 _____ (ESET) C:\WINDOWS\system32\Drivers\ehdrv.sys
        2016-12-13 17:11 - 2016-06-23 13:31 - 00113544 _____ (ESET) C:\WINDOWS\system32\Drivers\eamonm.sys
        2016-12-13 17:11 - 2016-06-23 13:31 - 00060992 _____ (ESET) C:\WINDOWS\system32\Drivers\epfwtdir.sys
        2016-12-12 20:45 - 2015-12-17 22:57 - 00000000 ____D C:\Program Files\Process Lasso
        2016-12-12 20:45 - 2015-12-17 15:49 - 00000000 ____D C:\Documents and Settings\doni\Application Data\ProcessLasso
        ==================== Files in the root of some directories =======
        2010-04-06 23:40 - 2010-04-06 23:40 - 0081920 ____C () C:\Documents and Settings\doni\Application Data\ezpinst.exe
        2010-04-06 23:40 - 2010-04-06 23:40 - 0007176 ____C () C:\Documents and Settings\doni\Application Data\pcouffin.cat
        2010-04-06 23:40 - 2010-04-06 23:40 - 0001144 ____C () C:\Documents and Settings\doni\Application Data\pcouffin.inf
        2010-04-06 23:40 - 2010-04-06 23:40 - 0000034 ____C () C:\Documents and Settings\doni\Application Data\pcouffin.log
        2010-04-06 23:40 - 2010-04-06 23:40 - 0047360 ____C (VSO Software) C:\Documents and Settings\doni\Application Data\pcouffin.sys
        2010-03-17 22:12 - 2016-12-19 19:30 - 0040448 ____C () C:\Documents and Settings\doni\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
        2010-03-22 10:24 - 2010-03-22 10:24 - 0000127 ____C () C:\Documents and Settings\doni\Local Settings\Application Data\fusioncache.dat
        2012-03-06 10:56 - 2016-11-11 06:28 - 0000043 __SHC () C:\Documents and Settings\All Users\Application Data\.zreglib
        2016-10-05 16:19 - 2016-10-05 16:19 - 0000232 _____ () C:\Documents and Settings\All Users\Application Data\fontcacheev1.dat
        2010-03-22 10:05 - 2012-02-06 14:13 - 0014995 ____C () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
        Files to move or delete:
        ====================
        C:\Documents and Settings\doni\TempWmicBatchFile.bat

        Some files in TEMP:
        ====================
        C:\Documents and Settings\doni\Local Settings\Temp\Watchdog.AntiMalware.Setup.exe

        Some zero byte size files/folders:
        ==========================
        C:\Windows\mansk.dll
        ==================== Bamital & volsnap ======================
        (There is no automatic fix for files that do not pass verification.)
        C:\WINDOWS\explorer.exe => File is digitally signed
        C:\WINDOWS\system32\winlogon.exe => File is digitally signed
        C:\WINDOWS\system32\svchost.exe => File is digitally signed
        C:\WINDOWS\system32\services.exe => File is digitally signed
        C:\WINDOWS\system32\User32.dll => File is digitally signed
        C:\WINDOWS\system32\userinit.exe => File is digitally signed
        C:\WINDOWS\system32\rpcss.dll => File is digitally signed
        C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
        C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
        ==================== End of FRST.txt ============================


        Addition.txt
      • by Gangosa
        Good day, I have a persistent problem with Chrome. So far I have cleaned with AdwCleaner, but it does not go away, so I decided it is serious.
        I change the home page to www.google.bg, close the browser, open it again, and it is already
        http://proekt-armata-igra.ru/search.com/index.html
        Here are the logs:
        Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-01-2017
        Ran by Gangosan (administrator) on GANGOSAN-PC (08-01-2017 15:56:33)
        Running from C:\Users\Gangosan\Desktop
        Loaded Profiles: Gangosan (Available Profiles: Gangosan)
        Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
        Internet Explorer Version 11 (Default browser: Chrome)
        Boot Mode: Normal
        Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
        ==================== Processes (Whitelisted) =================
        (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
        (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
        (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
        (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
        (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe
        (Microsoft Corporation) C:\Windows\System32\wlanext.exe
        (AeroAdmin Inc.) D:\Program\AeroAdmin PRO.exe
        (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
        (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgfwsa.exe
        (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
        (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
        (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
        (AOMEI Tech Co., Ltd.) C:\Program Files (x86)\AOMEI Backupper\ABService.exe
        (AeroAdmin Inc.) D:\Program\AeroAdmin PRO.exe
        (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
        (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
        () C:\Program Files (x86)\Localphone Ltd\Localphone\Localphone_mod.exe
        (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
        (Softros Systems, Inc.) C:\Program Files\Softros Systems\Process Blocker\Process Blocker.exe
        (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
        () C:\Program Files (x86)\iCareFone\TenorShareService.exe
        (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
        (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
        (Microsoft Corporation) C:\Windows\System32\alg.exe
        (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
        (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
        (Intel Corporation) C:\Windows\System32\igfxtray.exe
        (Intel Corporation) C:\Windows\System32\hkcmd.exe
        (Intel Corporation) C:\Windows\System32\igfxpers.exe
        (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
        (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
        (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
        (AntGROUP) C:\Program Files (x86)\Ant Download Manager\antMR.exe
        (AntGROUP) C:\Program Files (x86)\Ant Download Manager\AntDM.exe
        (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
        (Viber Media S.à r.l.) C:\Users\Gangosan\AppData\Local\Viber\Viber.exe
        (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
        (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
        (Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
        (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
        (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
        (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
        (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
        (IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
        (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
        (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
        (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
        (mozilla.org) C:\Program Files (x86)\SeaMonkey\seamonkey.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Microsoft Corporation) C:\Windows\System32\cmd.exe
        (AntGROUP) C:\Program Files (x86)\Ant Download Manager\antCH\antCH.exe
        ==================== Registry (Whitelisted) ====================
        (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
        HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11786344 2011-03-28] (Realtek Semiconductor)
        HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2207848 2011-03-21] (Realtek Semiconductor)
        HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel(R) Corporation)
        HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel(R) Corporation)
        HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-11-01] (Apple Inc.)
        HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
        HKLM-x32\...\Run: [Dolby Advanced Audio v2] => c:\dolby pcee4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
        HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
        HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
        HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
        Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
        HKLM\...\Policies\Explorer: [NoFavoritesMenu] 0
        HKLM\...\Policies\Explorer: [NoRecentDocsMenu] 0
        HKLM\...\Policies\Explorer: [NoNetworkConnections] 0
        HKLM\...\Policies\Explorer: [NoSMMyDocs] 0
        HKLM\...\Policies\Explorer: [NoSMMyPictures] 0
        HKLM\...\Policies\Explorer: [NoStartMenuMyMusic] 0
        HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\Run: [Google Update] => C:\Users\Gangosan\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.)
        HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [43984 2016-07-08] (Glarysoft Ltd)
        HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\Run: [MTELocker] => C:\Program Files\Encrypt4all Software\ADL Pro Edition\ADL.exe [663552 2016-10-29] (Encrypt4all Software 2004-2016)
        HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\Run: [antMR] => C:\Program Files (x86)\Ant Download Manager\antMR.exe [132608 2016-09-25] (AntGROUP)
        HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\Run: [AntDM] => C:\Program Files (x86)\Ant Download Manager\AntDM.exe [6358528 2016-11-12] (AntGROUP)
        HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\Run: [Viber] => C:\Users\Gangosan\AppData\Local\Viber\Viber.exe [41548368 2017-01-03] (Viber Media S.à r.l.)
        HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\Policies\system: [NoDispSettingsPage] 0
        HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\Policies\system: [NoDispCPL] 0
        HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\Policies\system: [NoDispScrSavPage] 0
        HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\Policies\system: [NoDispBackgroundPage] 0
        HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\Policies\system: [NoDispAppearancePage] 0
        HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\Policies\system: [NoVisualStyleChoice] 0
        HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\Policies\system: [NoColorChoice] 0
        HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\Policies\system: [NoSizeChoice] 0
        HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\Policies\system: [NoTrayContextMenu] 0
        HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\Policies\Explorer: [NoAddPrinter] 0
        HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\Policies\Explorer: [NoDeletePrinter] 0
        HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\Policies\Explorer: [NoThemesTab] 0
        HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\Policies\Explorer: [NoChangeAnimation] 0
        HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\Policies\Explorer: [NoViewContextMenu] 0
        HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\Policies\Explorer: [NoDFSTab] 0
        HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\Policies\Explorer: [NoSecurityTab] 0
        HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\Policies\Explorer: [NoHardwareTab] 0
        HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\Policies\Explorer: [NoToolbarCustomize] 0
        HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\Policies\Explorer: [NoBandCustomize] 0
        HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\Policies\Explorer: [NoFileMenu] 0
        HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\Policies\Explorer: [NoNetHood] 0
        HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\Policies\Explorer: [NoSetFolders] 0
        HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\Policies\Explorer: [NoStartMenuMyGames] 0
        HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\Policies\Explorer: [NoSetTaskbar] 0
        HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\Policies\Explorer: [NoCommonGroups] 0
        HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\Policies\Explorer: [NoStartMenuNetworkPlaces] 0
        HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\Policies\Explorer: [NoToolbarsOnTaskbar] 0
        HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\Policies\Explorer: [NoSimpleStartMenu] 0
        HKU\S-1-5-18\...\Run: [] => 0
        HKLM\...\AppCertDlls: [ProcessBlocker] -> C:\Program Files\Softros Systems\Process Blocker\HelperLib.dll [114176 2015-07-23] (Softros Systems, inc.)
        HKLM\...\AppCertDlls: [ProcessBlocker86] -> C:\Program Files\Softros Systems\Process Blocker\HelperLib86.dll [95744 2015-07-23] (Softros Systems, inc.)
        ShellIconOverlayIdentifiers: [! IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} =>  -> No File
        Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-12-04]
        ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
        Startup: C:\Users\Gangosan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2015-03-15] ()
        Startup: C:\Users\Gangosan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZenMate.bat [2017-01-08] ()
        BootExecute: autocheck autochk *  
        GroupPolicy: Restriction <======= ATTENTION
        ==================== Internet (Whitelisted) ====================
        (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
        ProxyServer: [S-1-5-21-1996132808-4018277664-1723909242-1000] => http=127.0.0.1:8555;https=127.0.0.1:8555
        Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
        Tcpip\..\Interfaces\{71426D83-D555-4D62-887F-397EC0699D4D}: [DhcpNameServer] 192.168.0.1
        Internet Explorer:
        ==================
        HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
        HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/?pc=AVBR
        SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
        SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
        SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
        BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2016-05-23] (IObit)
        BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-10-19] (Oracle Corporation)
        BHO: Ant Download Manager BHO -> {8ABC6AE5-74BD-4c73-BB34-44526792D2AE} -> C:\Program Files (x86)\Ant Download Manager\antIE\antIE64.dll [2016-10-20] (AntGROUP)
        BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
        BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-19] (Oracle Corporation)
        BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-19] (Oracle Corporation)
        BHO-x32: Ant Download Manager BHO -> {8ABC6AE5-74BD-4c73-BB34-44526792D2AE} -> C:\Program Files (x86)\Ant Download Manager\antIE\antIE.dll [2016-10-20] (AntGROUP)
        BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
        BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-19] (Oracle Corporation)
        DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
        DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
        FireFox:
        ========
        FF DefaultProfile: ka0brvp7.default
        FF ProfilePath: C:\Users\Gangosan\AppData\Roaming\TomTom\HOME\Profiles\gcn8mbl0.default [2015-10-31]
        FF Extension: (Map status indicator) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [2015-10-31] [not signed]
        FF ProfilePath: C:\Users\Gangosan\AppData\Roaming\Mozilla\SeaMonkey\Profiles\ka0brvp7.default [2017-01-08]
        FF NetworkProxy: Mozilla\SeaMonkey\Profiles\ka0brvp7.default -> ftp", "89.208.212.2"
        FF NetworkProxy: Mozilla\SeaMonkey\Profiles\ka0brvp7.default -> ftp_port", 80
        FF NetworkProxy: Mozilla\SeaMonkey\Profiles\ka0brvp7.default -> http", "89.208.212.2"
        FF NetworkProxy: Mozilla\SeaMonkey\Profiles\ka0brvp7.default -> http_port", 80
        FF NetworkProxy: Mozilla\SeaMonkey\Profiles\ka0brvp7.default -> share_proxy_settings", true
        FF NetworkProxy: Mozilla\SeaMonkey\Profiles\ka0brvp7.default -> ssl", "89.208.212.2"
        FF NetworkProxy: Mozilla\SeaMonkey\Profiles\ka0brvp7.default -> ssl_port", 80
        FF Extension: (Ad-Aware Ad Block) - C:\Users\Gangosan\AppData\Roaming\Mozilla\SeaMonkey\Profiles\ka0brvp7.default\Extensions\AdBlockerLavaSoftFF@lavasoft.com.xpi [2017-01-08]
        FF Extension: (DOM Inspector) - C:\Users\Gangosan\AppData\Roaming\Mozilla\SeaMonkey\Profiles\ka0brvp7.default\Extensions\inspector@mozilla.org [2017-01-08]
        FF Extension: (Whois Lookup & Hosting & DNS & Site Flags Firefox) - C:\Users\Gangosan\AppData\Roaming\Mozilla\SeaMonkey\Profiles\ka0brvp7.default\Extensions\myipms@myip.ms [2017-01-08]
        FF Extension: (LastPass) - C:\Users\Gangosan\AppData\Roaming\Mozilla\SeaMonkey\Profiles\ka0brvp7.default\Extensions\support@lastpass.com [2017-01-08]
        FF Extension: (ChatZilla) - C:\Users\Gangosan\AppData\Roaming\Mozilla\SeaMonkey\Profiles\ka0brvp7.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2017-01-08]
        FF ProfilePath: C:\Users\Gangosan\AppData\Roaming\Mozilla\Firefox\Profiles\96z07rpk.default [2017-01-07]
        FF Homepage: Mozilla\Firefox\Profiles\96z07rpk.default -> about:home
        FF Extension: (ZenMate Security, Privacy & Unblock VPN) - C:\Users\Gangosan\AppData\Roaming\Mozilla\Firefox\Profiles\96z07rpk.default\Extensions\firefox@zenmate.com.xpi [2016-10-04]
        FF Extension: (LavaFox V2) - C:\Users\Gangosan\AppData\Roaming\Mozilla\Firefox\Profiles\96z07rpk.default\Extensions\info@djzig.com [2016-12-03]
        FF Extension: (LastPass) - C:\Users\Gangosan\AppData\Roaming\Mozilla\Firefox\Profiles\96z07rpk.default\Extensions\support@lastpass.com [2017-01-07]
        FF Extension: (Nightly Tester Tools) - C:\Users\Gangosan\AppData\Roaming\Mozilla\Firefox\Profiles\96z07rpk.default\Extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29}.xpi [2016-10-23]
        FF Extension: (Adblock Plus) - C:\Users\Gangosan\AppData\Roaming\Mozilla\Firefox\Profiles\96z07rpk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-12-03]
        FF Extension: (Block site) - C:\Users\Gangosan\AppData\Roaming\Mozilla\Firefox\Profiles\96z07rpk.default\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2017-01-06]
        FF Extension: (Bitdefender QuickScan) - C:\Users\Gangosan\AppData\Roaming\Mozilla\Firefox\Profiles\96z07rpk.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2016-10-04]
        FF Extension: (AntFF) - C:\Program Files (x86)\Ant Download Manager\antFF\antFF.xpi [2016-02-26]
        FF ProfilePath: C:\Users\Gangosan\AppData\Roaming\kompozer.net\KompoZer\Profiles\1stu6e8q.default [2015-08-16]
        FF HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\Firefox\Extensions: [antgroup@antdownloadmanager.com] - C:\Program Files (x86)\Ant Download Manager\antFF\antFF.xpi
        FF HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => not found
        FF HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\SeaMonkey\Extensions: [antgroup@antdownloadmanager.com] - C:\Program Files (x86)\Ant Download Manager\antFF\antFF.xpi
        FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_189.dll [2016-12-16] ()
        FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-19] (Oracle Corporation)
        FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-19] (Oracle Corporation)
        FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
        FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_189.dll [2016-12-16] ()
        FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-19] (Oracle Corporation)
        FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-19] (Oracle Corporation)
        FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
        FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
        FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
        FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
        FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
        FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
        FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
        FF Plugin HKU\S-1-5-21-1996132808-4018277664-1723909242-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Gangosan\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
        FF Plugin HKU\S-1-5-21-1996132808-4018277664-1723909242-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Gangosan\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
        FF Plugin HKU\S-1-5-21-1996132808-4018277664-1723909242-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Gangosan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-07-14] (Unity Technologies ApS)
        FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2016-10-29]
        Chrome:
        =======
        CHR DefaultProfile: Default
        CHR HomePage: Default -> hxxp://www.google.com/
        CHR StartupUrls: Default -> "hxxps://www.google.bg/"
        CHR Profile: C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Default [2017-01-08]
        CHR Extension: (Adblock Plus) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-30]
        CHR Extension: (AntDM Integration Extension) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Default\Extensions\efglbgfnmenhnnflfpbnbldgmldnmifb [2016-12-06]
        CHR Extension: (Byrd IRC client) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Default\Extensions\endimfdcgfnlmoankhocnkhgohmoecoi [2016-10-13]
        CHR Extension: (SSLTrust SSL Certificate Store) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fappknnhhggcjmeljjbjmibmhoninmem [2015-09-03]
        CHR Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2016-11-10]
        CHR Extension: (Cloud SWF, Flash Player with Drive) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffhhaadihgfcgmlefioblaahpnglnkbk [2015-12-16]
        CHR Extension: (Glowtxt) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkcilhknnakepbgkpmhhebooffgefidk [2016-10-30]
        CHR Extension: (Google Документи офлайн) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-06]
        CHR Extension: (LastPass: Free Password Manager) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-12-06]
        CHR Extension: (VoiceNote II - Speech to text) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfknjgplnkgjihghcidajejfmldhibfm [2016-02-16]
        CHR Extension: (Zalmos SSL Web Proxy for Free) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Default\Extensions\idefjamndcpplnamdlbodoebjgkpdmpn [2015-10-05]
        CHR Extension: (Lunapic Photo Editor) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifimmnanlabnljjnaegjmgnelmdmjabn [2015-09-03]
        CHR Extension: (Antivirus Online Scanner) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jckjbdbomnmbollkecaianifkigmgbjj [2016-10-30]
        CHR Extension: (Online PDF Tools) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jddfpnmfhodaljeelokfceepbeapgbdn [2015-09-03]
        CHR Extension: (IP адрес) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnjjlbngpejmmhgcaagljaomgnginml [2016-08-27]
        CHR Extension: (Local SWF Player) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmbckedabpbgjagmkgcejooabcdnone [2016-03-13]
        CHR Extension: (Cloud9) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbdmccoknlfggadpfkmcpnamfnbkmkcp [2016-03-19]
        CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
        CHR Extension: (ScriptSafe) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf [2016-12-29]
        CHR Extension: (Как да използвате Skype уеб) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pabhdemifmkppnfkgfjifmimajhofcbh [2016-06-15]
        CHR Extension: (Weather Underground) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjejbgheonogbpfkkjigbmahaljipoej [2015-09-03]
        CHR Extension: (Gmail) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-31]
        CHR Extension: (Chrome Media Router) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-17]
        CHR Profile: C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Guest Profile [2016-09-02]
        CHR Profile: C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Profile 1 [2016-12-17]
        CHR Extension: (Google Презентации) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-30]
        CHR Extension: (Google Документи) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-30]
        CHR Extension: (Google Диск) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-30]
        CHR Extension: (YouTube) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-30]
        CHR Extension: (Google Търсене) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-30]
        CHR Extension: (Bitdefender Wallet) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fabcmochhfpldjekobfaaggijgohadih [2016-01-30]
        CHR Extension: (Електронни таблици от Google) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-30]
        CHR Extension: (Google Документи офлайн) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-01-30]
        CHR Extension: (IDM Integration Module) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-01-30]
        CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-30]
        CHR Extension: (Gmail) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
        CHR Profile: C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\System Profile [2016-09-02]
        CHR Extension: (Google Презентации) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-07]
        CHR Extension: (Google Документи) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-07]
        CHR Extension: (Google Диск) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-07]
        CHR Extension: (YouTube) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-07]
        CHR Extension: (Google Търсене) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-07]
        CHR Extension: (Електронни таблици от Google) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-07]
        CHR Extension: (Bookmark Manager) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-06-07]
        CHR Extension: (IDM Integration Module) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2015-06-07]
        CHR Extension: (Google Wallet) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-07]
        CHR Extension: (Gmail) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-07]
        CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
        CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
        CHR HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efglbgfnmenhnnflfpbnbldgmldnmifb] - C:\Program Files (x86)\Ant Download Manager\antCH\antCH.crx [2016-12-06]
        CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - hxxps://clients2.google.com/service/update2/crx
        ==================== Services (Whitelisted) ====================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        R2 AeroadminService; D:\Program\AeroAdmin PRO.exe [2609432 2016-11-18] (AeroAdmin Inc.)
        R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
        S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [971160 2016-12-15] (AVG Technologies CZ, s.r.o.)
        R2 avgfws; C:\Program Files (x86)\AVG\Av\avgfwsa.exe [1824184 2016-12-15] (AVG Technologies CZ, s.r.o.)
        R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5337600 2016-12-15] (AVG Technologies CZ, s.r.o.)
        R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1146128 2016-12-06] (AVG Technologies CZ, s.r.o.)
        R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [725976 2016-12-15] (AVG Technologies CZ, s.r.o.)
        R2 Backupper Service; C:\Program Files (x86)\AOMEI Backupper\ABService.exe [29912 2015-09-15] (AOMEI Tech Co., Ltd.) [File not signed]
        S3 HideMyIpSRV; C:\Program Files (x86)\Hide My IP 6\HideMyIpSRV.exe [4375792 2015-10-07] (Hide My IP)
        S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [3046688 2016-07-29] (IObit)
        R2 LocalphoneWinService; C:\Program Files (x86)\Localphone Ltd\Localphone\Localphone_mod.exe [1046016 2013-08-22] () [File not signed]
        S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
        R2 Process Blocker; C:\Program Files\Softros Systems\Process Blocker\Process Blocker.exe [2198352 2015-07-23] (Softros Systems, Inc.)
        R2 TenorShareService; C:\Program Files (x86)\iCareFone\TenorShareService.exe [657848 2016-07-29] ()
        S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
        R2 ZcfgSvc7; C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe [1000208 2011-05-02] (Intel(R) Corporation)
        S2 HssWd; no ImagePath
        ===================== Drivers (Whitelisted) ======================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [30648 2015-02-25] () [File not signed]
        R2 ammntdrv; C:\Windows\system32\ammntdrv.sys [151480 2015-02-25] () [File not signed]
        S3 ampa; C:\Windows\system32\ampa.sys [17008 2013-12-18] () [File not signed]
        S3 ampa; C:\Windows\SysWOW64\ampa.sys [17008 2013-12-18] () [File not signed]
        R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [17848 2015-02-25] () [File not signed]
        R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
        R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [73992 2016-10-23] (AVG Technologies CZ, s.r.o.)
        R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [312576 2016-11-04] (AVG Technologies CZ, s.r.o.)
        R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [267008 2016-10-05] (AVG Technologies CZ, s.r.o.)
        R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [298240 2016-11-30] (AVG Technologies CZ, s.r.o.)
        R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
        R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [254208 2016-09-26] (AVG Technologies CZ, s.r.o.)
        R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
        R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [299264 2016-07-27] (AVG Technologies CZ, s.r.o.)
        R0 avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.)
        S3 BazisPortableCDBus; C:\Windows\System32\drivers\BazisPortableCDBus.sys [283480 2015-10-09] (Sysprogs OU)
        R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2015-07-16] (DT Soft Ltd)
        R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [30752 2013-12-03] (EldoS Corporation)
        S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [18528 2014-11-18] ()
        S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [15968 2014-11-18] ()
        R2 GdmWmPrt; C:\Windows\System32\DRIVERS\gdmwmprt.sys [32768 2009-08-17] (GCT Semiconductor, Inc.)
        R2 GdmWmPrt; C:\Windows\SysWOW64\DRIVERS\gdmwmprt.sys [32768 2009-08-17] (GCT Semiconductor, Inc.)
        R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2015-06-16] (Glarysoft Ltd)
        R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2014-05-17] (AnchorFree Inc.)
        R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-03-28] (REALiX(tm))
        R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-04-24] (Intel Corporation)
        S3 MDA_NTDRV; C:\Windows\system32\MDA_NTDRV.sys [47104 2016-05-20] ()
        R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0102.sys [38432 2016-01-27] (SoftEther Corporation)
        S3 ptun0901; C:\Windows\System32\DRIVERS\ptun0901.sys [27136 2015-01-26] (The OpenVPN Project)
        R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [32568 2015-07-24] (EldoS Corporation)
        S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [12400 2016-08-31] (Macrovision Europe Ltd) [File not signed]
        S3 SEE; C:\Windows\System32\drivers\see.sys [50208 2016-01-27] (SoftEther Corporation)
        S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42064 2016-05-27] (Anchorfree Inc.)
        S3 b06bdrv; \SystemRoot\system32\drivers\bxvbda.sys [X]
        S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [X]
        U3 DfSdkS; no ImagePath
        S3 EuGdiDrv; \??\C:\Windows\system32\EuGdiDrv.sys [X]
        S0 MBAMSwissArmy; system32\drivers\MBAMSwissArmy.sys [X]
        S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
        S3 VGPU; System32\drivers\rdvgkmd.sys [X]
        ==================== NetSvcs (Whitelisted) ===================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

        ==================== One Month Created files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2017-01-08 15:56 - 2017-01-08 15:57 - 00035145 _____ C:\Users\Gangosan\Desktop\FRST.txt
        2017-01-08 15:55 - 2017-01-08 15:56 - 00000000 ____D C:\FRST
        2017-01-08 15:55 - 2017-01-08 15:55 - 02419200 _____ (Farbar) C:\Users\Gangosan\Desktop\FRST64.exe
        2017-01-08 15:03 - 2017-01-08 15:46 - 00000000 ____D C:\Users\Gangosan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZenGuard GmbH
        2017-01-08 15:03 - 2017-01-08 15:03 - 00000000 ____D C:\Users\Gangosan\AppData\Local\SquirrelTemp
        2017-01-08 15:02 - 2017-01-08 15:02 - 04017168 _____ (ZenGuard GmbH) C:\Users\Gangosan\Desktop\setup.exe
        2017-01-08 00:07 - 2017-01-08 00:07 - 00001986 _____ C:\Users\Public\Desktop\SeaMonkey.lnk
        2017-01-08 00:07 - 2017-01-08 00:07 - 00000000 ____D C:\Program Files (x86)\SeaMonkey
        2017-01-07 23:46 - 2017-01-07 23:46 - 00000925 _____ C:\Users\Gangosan\AppData\Roaming\Microsoft\Windows\Start Menu\Viber.lnk
        2017-01-07 23:46 - 2017-01-07 23:46 - 00000923 _____ C:\Users\Gangosan\Desktop\Viber.lnk
        2017-01-07 23:46 - 2017-01-07 23:46 - 00000000 ____D C:\Users\Gangosan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber
        2017-01-07 23:46 - 2017-01-07 23:46 - 00000000 ____D C:\Users\Gangosan\AppData\Local\Viber
        2017-01-07 23:46 - 2017-01-07 23:46 - 00000000 ____D C:\Users\Gangosan\AppData\Local\Package Cache
        2017-01-07 23:44 - 2017-01-07 23:45 - 68087360 _____ (Viber Media Inc.) C:\Users\Gangosan\Desktop\ViberSetup.exe
        2017-01-07 23:39 - 2017-01-07 23:39 - 00000000 ____D C:\Users\Gangosan\Tracing
        2017-01-07 23:14 - 2017-01-07 23:14 - 00000000 ____D C:\Users\Public\Downloads\Norton
        2017-01-07 22:59 - 2017-01-07 23:14 - 00000000 ____D C:\ProgramData\Norton
        2017-01-07 22:59 - 2017-01-07 22:59 - 00000000 ____D C:\ProgramData\NortonInstaller
        2017-01-06 23:43 - 2017-01-07 22:58 - 00000000 ____D C:\Users\Gangosan\AppData\LocalLow\Mozilla
        2017-01-02 23:22 - 2017-01-02 23:22 - 00029296 _____ C:\Users\Gangosan\Downloads\79cc2d834946e3bf672f48d62fa13ca3.html
        2017-01-02 14:33 - 2017-01-02 14:33 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
        2017-01-02 14:33 - 2017-01-02 14:33 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
        2017-01-01 13:31 - 2017-01-01 13:31 - 00062528 _____ C:\Users\Gangosan\Documents\invoice.pdf
        2016-12-31 13:43 - 2016-12-31 13:43 - 00102809 _____ C:\Users\Gangosan\Desktop\One.com Annual Invoice - emo-upholstery.co.uk.eml
        2016-12-31 13:40 - 2016-12-31 13:40 - 00062528 _____ C:\Users\Gangosan\Desktop\17131863.pdf
        2016-12-29 21:07 - 2016-12-29 21:07 - 00000822 ____N C:\Users\Public\Desktop\CCleaner.lnk
        2016-12-29 20:49 - 2016-12-29 20:49 - 00003073 ____N C:\Users\Gangosan\Desktop\ASUS PC Diagnostics.lnk
        2016-12-29 20:49 - 2016-12-29 20:49 - 00000000 ____D C:\Users\Gangosan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUS
        2016-12-29 20:49 - 2016-12-29 20:49 - 00000000 ____D C:\Program Files (x86)\ASUS
        2016-12-17 21:09 - 2017-01-07 00:32 - 00002204 ____R C:\Users\Public\Desktop\Gооglе Сhrоmе.lnk
        2016-12-17 17:45 - 2016-12-18 12:57 - 00000000 ____D C:\Users\Gangosan\AppData\Roaming\QTranslate
        2016-12-17 17:45 - 2016-12-17 17:45 - 00001035 ____N C:\Users\Gangosan\Desktop\QTranslate.lnk
        2016-12-17 17:45 - 2016-12-17 17:45 - 00000000 ____D C:\Users\Gangosan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QTranslate
        2016-12-17 17:45 - 2016-12-17 17:45 - 00000000 ____D C:\Program Files (x86)\QTranslate
        2016-12-17 17:30 - 2016-12-29 19:37 - 00000000 ____D C:\Program Files\Malwarebytes
        2016-12-17 17:30 - 2016-12-17 17:30 - 51969976 _____ (Malwarebytes ) C:\Users\Gangosan\Desktop\malwarebytes_3.0.exe
        2016-12-17 17:14 - 2016-12-17 17:14 - 03977168 _____ C:\Users\Gangosan\Desktop\adwcleaner_6.041.exe
        2016-12-09 00:40 - 2016-12-09 00:40 - 00001408 ____N C:\Users\Public\Desktop\AceThinker Screen Grabber Pro.lnk
        2016-12-09 00:40 - 2016-12-09 00:40 - 00000000 ____D C:\Users\Gangosan\Documents\AceThinker
        2016-12-09 00:40 - 2016-12-09 00:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AceThinker
        2016-12-09 00:40 - 2016-12-09 00:40 - 00000000 ____D C:\Program Files (x86)\AceThinker
        ==================== One Month Modified files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2017-01-08 15:55 - 2015-04-29 17:58 - 00000000 ____D C:\Users\Gangosan\AppData\LocalLow\LastPass
        2017-01-08 15:47 - 2014-09-07 10:06 - 00000000 ____D C:\Users\Gangosan\AppData\Local\Deployment
        2017-01-08 15:47 - 2009-07-14 04:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
        2017-01-08 15:47 - 2009-07-14 04:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
        2017-01-08 15:42 - 2015-07-06 10:58 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
        2017-01-08 15:41 - 2015-06-01 17:18 - 00000000 ____D C:\Users\Gangosan\AppData\Roaming\ViberPC
        2017-01-08 15:39 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
        2017-01-08 15:31 - 2014-09-07 12:13 - 00000000 ____D C:\Users\Gangosan
        2017-01-08 15:19 - 2016-11-22 12:30 - 00000000 ____D C:\ProgramData\MFAData
        2017-01-08 15:16 - 2016-11-22 12:28 - 00003590 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
        2017-01-08 15:01 - 2014-09-07 09:57 - 00003950 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{91287D26-26EB-4B28-92DC-BD5F0F30A1C5}
        2017-01-08 14:53 - 2014-09-26 19:12 - 00000000 ____D C:\ProgramData\ProductData
        2017-01-08 00:09 - 2016-07-23 19:04 - 00000000 ____D C:\Users\Gangosan\AppData\Roaming\Skype
        2017-01-07 23:57 - 2015-02-06 21:48 - 00000000 ____D C:\Users\Gangosan\AppData\Local\CrashDumps
        2017-01-07 23:16 - 2015-06-04 21:55 - 00000000 ____D C:\Program Files\Java
        2017-01-07 23:09 - 2014-11-29 19:10 - 00000000 ____D C:\Users\Gangosan\AppData\Roaming\Mozilla
        2017-01-07 22:58 - 2015-08-25 20:33 - 00000000 ____D C:\Users\Gangosan\AppData\Roaming\QuickScan
        2017-01-07 22:50 - 2014-09-26 18:59 - 00000000 ____D C:\ProgramData\Ashampoo
        2017-01-07 22:49 - 2014-09-26 18:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
        2017-01-07 22:49 - 2014-09-26 18:59 - 00000000 ____D C:\Program Files (x86)\Ashampoo
        2017-01-07 00:33 - 2016-12-08 00:19 - 00000000 ____D C:\Users\Gangosan\Compressed
        2017-01-07 00:32 - 2016-10-21 11:47 - 00002216 ____R C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk
        2017-01-07 00:32 - 2016-10-13 01:22 - 00001865 ____R C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk
        2017-01-07 00:32 - 2016-09-02 00:09 - 00000000 ____D C:\Program Files\Mozilla Firefox
        2017-01-07 00:32 - 2014-09-07 12:13 - 00002048 ____R C:\Users\Gangosan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехplоrеr.lnk
        2017-01-07 00:32 - 2014-09-07 12:13 - 00002048 ____R C:\Users\Gangosan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехplоrеr (64-bit).lnk
        2017-01-06 11:52 - 2016-08-31 10:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
        2017-01-04 10:54 - 2009-07-14 05:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
        2017-01-04 10:54 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\inf
        2017-01-03 13:27 - 2015-03-30 13:46 - 00000000 ____D C:\Users\Gangosan\AppData\Roaming\vlc
        2017-01-03 13:25 - 2016-12-06 01:17 - 00000000 ____D C:\Users\Gangosan\AppData\Roaming\AntDM
        2017-01-02 14:33 - 2016-11-22 12:32 - 00000936 ____N C:\Users\Public\Desktop\AVG Protection.lnk
        2017-01-02 14:33 - 2016-11-22 12:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
        2017-01-02 14:31 - 2016-11-22 12:26 - 00000000 ____D C:\Users\Gangosan\AppData\Local\Avg
        2016-12-29 19:37 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\config\TxR
        2016-12-18 12:57 - 2014-09-07 10:14 - 00000000 ____D C:\Users\Gangosan\AppData\Roaming\uTorrent
        2016-12-18 11:02 - 2014-09-07 12:13 - 00000000 ____D C:\Users\Gangosan\AppData\Local\Microsoft
        2016-12-18 10:38 - 2014-12-03 16:21 - 00000000 ____D C:\ProgramData\Malwarebytes
        2016-12-18 10:16 - 2014-12-03 19:44 - 00000000 ____D C:\Users\Gangosan\AppData\Roaming\TeamViewer
        2016-12-17 17:35 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\SysWOW64\drivers
        2016-12-17 17:21 - 2014-09-07 22:05 - 00000000 ____D C:\Windows\Prefetch
        2016-12-17 12:01 - 2016-11-12 16:58 - 00000000 ____D C:\Users\Gangosan\AppData\Local\Apps\2.0
        2016-12-16 21:42 - 2015-07-06 10:58 - 00807000 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
        2016-12-16 21:42 - 2015-07-06 10:58 - 00144984 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
        2016-12-16 21:42 - 2015-07-06 10:58 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
        2016-12-16 21:42 - 2015-04-29 18:01 - 00000000 ____D C:\Windows\SysWOW64\Macromed
        2016-12-16 21:42 - 2015-04-29 18:01 - 00000000 ____D C:\Windows\system32\Macromed
        2016-12-16 21:06 - 2015-06-05 16:34 - 00003614 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1996132808-4018277664-1723909242-1000UA
        2016-12-16 21:06 - 2015-06-05 16:34 - 00003342 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1996132808-4018277664-1723909242-1000Core
        2016-12-16 20:53 - 2016-10-21 11:46 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
        2016-12-16 20:53 - 2014-09-07 10:06 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
        2016-12-09 00:40 - 2015-06-05 10:22 - 00000000 ____D C:\Users\Gangosan\AppData\Roaming\Apowersoft
        ==================== Files in the root of some directories =======
        2014-09-26 18:59 - 2015-01-18 21:20 - 0001211 _____ () C:\Users\Gangosan\AppData\Roaming\Ashampoo Gadge It event.log
        2015-12-26 13:43 - 2016-01-01 21:04 - 0000696 _____ () C:\Users\Gangosan\AppData\Roaming\burnaware.ini
        2016-06-08 09:31 - 2016-06-08 09:31 - 0125000 _____ (TechApplet LLC) C:\Users\Gangosan\AppData\Roaming\USB Lock.exe
        2015-10-19 21:18 - 2015-10-19 21:18 - 0011883 _____ () C:\Users\Gangosan\AppData\Local\HWVendorDetection.log
        2014-09-26 18:53 - 2015-01-18 21:25 - 0000912 _____ () C:\Users\Gangosan\AppData\Local\mcset.cfg
        2015-06-03 21:51 - 2015-12-02 01:42 - 0000600 _____ () C:\Users\Gangosan\AppData\Local\PUTTY.RND
        2014-11-30 00:21 - 2015-06-19 07:46 - 0007597 _____ () C:\Users\Gangosan\AppData\Local\Resmon.ResmonCfg
        2015-08-25 20:37 - 2015-08-25 20:37 - 0486342 _____ () C:\ProgramData\1440534830.bdinstall.bin
        ==================== Bamital & volsnap ======================
        (There is no automatic fix for files that do not pass verification.)
        C:\Windows\system32\winlogon.exe => File is digitally signed
        C:\Windows\system32\wininit.exe => File is digitally signed
        C:\Windows\SysWOW64\wininit.exe => File is digitally signed
        C:\Windows\explorer.exe => File is digitally signed
        C:\Windows\SysWOW64\explorer.exe => File is digitally signed
        C:\Windows\system32\svchost.exe => File is digitally signed
        C:\Windows\SysWOW64\svchost.exe => File is digitally signed
        C:\Windows\system32\services.exe => File is digitally signed
        C:\Windows\system32\User32.dll => File is digitally signed
        C:\Windows\SysWOW64\User32.dll => File is digitally signed
        C:\Windows\system32\userinit.exe => File is digitally signed
        C:\Windows\SysWOW64\userinit.exe => File is digitally signed
        C:\Windows\system32\rpcss.dll => File is digitally signed
        C:\Windows\system32\dnsapi.dll => File is digitally signed
        C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
        C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
        LastRegBack: 2017-01-03 00:10
        ==================== End of FRST.txt ============================
        Addition.txt
      • by sk23
        Hello,
        whenever I open any browser, it redirects me to a page for installing Flash video player. I tried to fix the problem with Avast and other programs, but it had no effect. I think I caught this nasty thing when I installed some mods for GTA:SA.
         
        Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-01-2017
        Ran by Ali Baba (administrator) on BABA (05-01-2017 22:20:06)
        Running from C:\Documents and Settings\Ali Baba\Desktop
        Loaded Profiles: Ali Baba (Available Profiles: Ali Baba & Administrator)
        Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
        Internet Explorer Version 8 (Default browser: FF)
        Boot Mode: Normal
        Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
        ==================== Processes (Whitelisted) =================
        (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
        (IObit) C:\Program Files\IObit\Advanced SystemCare\ASCService.exe
        (IObit) C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
        (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
        (IObit) C:\Program Files\IObit\Advanced SystemCare\Monitor.exe
        (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
        (BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe
        (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
        (ZSMCSNAP) C:\WINDOWS\vmsnap3.exe
        (Vimicro) C:\WINDOWS\Domino.exe
        (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
        (IObit) C:\Program Files\IObit\IObit Malware Fighter\IMF.exe
        (Sonix) C:\WINDOWS\vsnp2uvc.exe
        (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
        (IObit) C:\Program Files\IObit\Advanced SystemCare\ASCTray.exe
        (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
        (BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-UpdaterService.exe
        (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
        () C:\Program Files\HDD Regenerator\hrsrv.exe
        (Hi-Rez Studios) C:\Program Files\Hi-Rez Studios\HiPatchService.exe
        () C:\Program Files\HDD Regenerator\HDD Regenerator.exe
        () C:\Program Files\HDD Regenerator\HDD Regenerator.exe
        (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
        (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
        (IObit) C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe
        (Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
        (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
        (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
        (Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
        (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
        (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
        ==================== Registry (Whitelisted) ====================
        (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
        HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [831576 2016-09-01] (Avira Operations GmbH & Co. KG)
        HKLM\...\Run: [VMSnap3] => C:\WINDOWS\VMSnap3.EXE [49152 2006-08-30] (ZSMCSNAP)
        HKLM\...\Run: [Domino] => C:\WINDOWS\Domino.EXE [49152 2006-06-28] (Vimicro)
        HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20145368 2015-01-22] (Realtek Semiconductor Corp.)
        HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [67840 2016-07-11] (Avira Operations GmbH & Co. KG)
        HKLM\...\Run: [IObit Malware Fighter] => C:\Program Files\IObit\IObit Malware Fighter\IMF.exe [5371168 2016-03-10] (IObit)
        HKLM\...\Run: [HDD Regenerator] => C:\Program Files\HDD Regenerator\Shell.exe [90336 2013-05-08] ()
        HKLM\...\Run: [BigDog303] => C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
        HKLM\...\Run: [snp2uvc] => C:\WINDOWS\vsnp2uvc.exe [662016 2016-12-26] (Sonix)
        HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
        Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2008-06-11] (ATI Technologies Inc.)
        HKU\S-1-5-21-299502267-448539723-1801674531-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4825880 2014-10-23] (Piriform Ltd)
        HKU\S-1-5-21-299502267-448539723-1801674531-1003\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [3576664 2015-06-18] (Disc Soft Ltd)
        HKU\S-1-5-21-299502267-448539723-1801674531-1003\...\Run: [Advanced SystemCare 9] => C:\Program Files\IObit\Advanced SystemCare\ASCTray.exe [2019616 2016-01-11] (IObit)
        HKU\S-1-5-21-299502267-448539723-1801674531-1003\...\Run: [ZoomInfo Contact Contributor] => C:\Documents and Settings\Ali Baba\Local Settings\Application Data\ZoomInfoCEUtility\launch.bat [108 2016-08-06] ()
        HKU\S-1-5-21-299502267-448539723-1801674531-1003\...\Run: [GoogleChromeAutoLaunch_F77A4B669589D810440153176D3D8073] => C:\Program Files\Google\Chrome\Application\chrome.exe [874648 2016-04-06] (Google Inc.)
        HKU\S-1-5-21-299502267-448539723-1801674531-1003\...\Policies\system: [DisableLockWorkstation] 0
        HKU\S-1-5-21-299502267-448539723-1801674531-1003\...\Policies\system: [DisableClock] 0
        HKU\S-1-5-21-299502267-448539723-1801674531-1003\...\Policies\Explorer: [NoFind] 0
        HKU\S-1-5-21-299502267-448539723-1801674531-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [9216 2008-04-14] (Microsoft Corporation)
        IFEO: [Debugger] logonui.exe
        Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-08-18]
        ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe (McAfee, Inc.)
        GroupPolicy: Restriction ? <======= ATTENTION
        GroupPolicy\User: Restriction ? <======= ATTENTION
        CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
        ==================== Internet (Whitelisted) ====================
        (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
        Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2014-06-03] (Avira Operations GmbH & Co. KG)
        Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2014-06-03] (Avira Operations GmbH & Co. KG)
        Winsock: Catalog9 09 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2014-06-03] (Avira Operations GmbH & Co. KG)
        Tcpip\..\Interfaces\{9FF34EAA-3A59-4C06-BA58-F6DD97C899F7}: [DhcpNameServer] 192.168.0.1
        Internet Explorer:
        ==================
        HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
        HKU\S-1-5-21-299502267-448539723-1801674531-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
        HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.yahoo.com/web?fr=avira-hp
        HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/web?fr=avira-ds
        HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.yahoo.com/web?fr=avira-hp
        HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.yahoo.com/web?fr=avira-ds
        HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
        HKU\S-1-5-21-299502267-448539723-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
        HKU\S-1-5-21-299502267-448539723-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=1420177819&from=wpc&uid=HitachiXHDS721050CLA360_JP1532FR34Z7WK34Z7WKX
        HKU\S-1-5-21-299502267-448539723-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.yahoo.com/web?fr=avira-ds
        HKU\S-1-5-21-299502267-448539723-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.yahoo.com/web?fr=avira-hp
        SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
        SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=563&systemid=406&apn_uid=4258237201324525&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
        SearchScopes: HKLM -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchisbestmy.info/?l=1&q={searchTerms}&pid=1273&r=2013/11/17&hid=3067889980883296824&lg=EN&cc=BG&unqvl=41
        SearchScopes: HKU\.DEFAULT -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
        SearchScopes: HKU\S-1-5-21-299502267-448539723-1801674531-1003 -> 53A9319E59EF479FAA2FA62650FDABF4 URL = hxxp://search.babylon.com/?q={searchTerms}&babsrc=SP_ss_sps&mntrId=A4B4001FD0992621&affID=119982&tt=040713_ifrmful&tsp=3287
        SearchScopes: HKU\S-1-5-21-299502267-448539723-1801674531-1003 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
        SearchScopes: HKU\S-1-5-21-299502267-448539723-1801674531-1003 -> {1E33F981-E92A-4F78-9D61-AE25CBFF1521} URL = hxxp://en.eazel.com/results.php?id=AAAc786a2a87ab13107be625bc8f8f45bd3&oid=12&cat=web&co=&lg=en&q={searchTerms}
        SearchScopes: HKU\S-1-5-21-299502267-448539723-1801674531-1003 -> {2FB80C74-68D7-4887-907C-E2CC21D39D3C} URL = hxxp://www.mysearchresults.com/search?c=3523&t=01&q={searchTerms}
        SearchScopes: HKU\S-1-5-21-299502267-448539723-1801674531-1003 -> {3E406995-03EA-4506-86C7-75F8A68AF331} URL = hxxp://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=512435&p={searchTerms}
        SearchScopes: HKU\S-1-5-21-299502267-448539723-1801674531-1003 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=563&systemid=406&apn_uid=4258237201324525&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
        SearchScopes: HKU\S-1-5-21-299502267-448539723-1801674531-1003 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchisbestmy.info/?l=1&q={searchTerms}&pid=1273&r=2013/11/17&hid=3067889980883296824&lg=EN&cc=BG&unqvl=41
        SearchScopes: HKU\S-1-5-21-299502267-448539723-1801674531-1003 -> {D87C08D1-B11E-40C2-A27E-FBE97236636C} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3247436&CUI=UN23264510252253223&UM=2
        SearchScopes: HKU\S-1-5-21-299502267-448539723-1801674531-1003 -> {EBD839AE-B08C-4fb7-859B-F54AF16C159F} URL = hxxp://search.ividi.org/?q={searchTerms}&src=tbsp&id=a4b41138000000000000001fd0992621&affilt=3&r=421
        BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-11-12] (IObit)
        BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-05-09] (Oracle Corporation)
        BHO: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2015-04-01] (IObit)
        BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-09] (Oracle Corporation)
        Toolbar: HKLM - ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-11-12] (IObit)
        Handler: skype-ie-addon-data - No CLSID Value -
        Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2016-09-23] (Skype Technologies)
        StartMenuInternet: IEXPLORE.EXE - iexplore.exe
        FireFox:
        ========
        FF DefaultProfile: k57oxwd8.default-1439487724136
        FF ProfilePath: C:\Documents and Settings\Ali Baba\Application Data\Mozilla\Firefox\Profiles\k57oxwd8.default-1439487724136 [2017-01-05]
        FF user.js: detected! => C:\Documents and Settings\Ali Baba\Application Data\Mozilla\Firefox\Profiles\k57oxwd8.default-1439487724136\user.js [2016-04-08]
        FF NetworkProxy: C:\Documents and Settings\Ali Baba\Application Data\Mozilla\Firefox\Profiles\k57oxwd8.default-1439487724136 -> no_proxies_on", ""
        FF NetworkProxy: C:\Documents and Settings\Ali Baba\Application Data\Mozilla\Firefox\Profiles\k57oxwd8.default-1439487724136 -> type", 0
        FF Extension: (Grammarly for Firefox) - C:\Documents and Settings\Ali Baba\Application Data\Mozilla\Firefox\Profiles\k57oxwd8.default-1439487724136\Extensions\87677a2c52b84ad3a151a4a72f5bd3c4@jetpack.xpi [2016-11-03]
        FF Extension: (VK Universal Downloader) - C:\Documents and Settings\Ali Baba\Application Data\Mozilla\Firefox\Profiles\k57oxwd8.default-1439487724136\Extensions\@vkmad.xpi [2016-12-16]
        FF Extension: (MEGA) - C:\Documents and Settings\Ali Baba\Application Data\Mozilla\Firefox\Profiles\k57oxwd8.default-1439487724136\Extensions\firefox@mega.co.nz.xpi [2017-01-04]
        FF Extension: (Google™ Translator Lite) - C:\Documents and Settings\Ali Baba\Application Data\Mozilla\Firefox\Profiles\k57oxwd8.default-1439487724136\Extensions\jid1-f3mYMbCpz2AZYl@jetpack.xpi [2016-08-11]
        FF Extension: (uBlock) - C:\Documents and Settings\Ali Baba\Application Data\Mozilla\Firefox\Profiles\k57oxwd8.default-1439487724136\Extensions\{2b10c1c8-a11f-4bad-fe9c-1c11e82cac42}.xpi [2016-03-09]
        FF ProfilePath: C:\Documents and Settings\Ali Baba\Application Data\Mozilla\Firefox\Profiles\vo854e7i.default-1473369861250 [2017-01-05]
        FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
        FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-08-26] [not signed]
        FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-06-03] ()
        FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-09] (Oracle Corporation)
        FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-09] (Oracle Corporation)
        FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
        FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
        FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
        FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
        StartMenuInternet: FIREFOX.EXE - firefox.exe
        Chrome:
        =======
        CHR DefaultProfile: Default
        CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=1420177819&from=wpc&uid=HitachiXHDS721050CLA360_JP1532FR34Z7WK34Z7WKX"
        CHR Profile: C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Default [2017-01-05]
        CHR Extension: (Readlang) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apcnmoajpaldpbepelpjgbplhoeidhia [2015-10-24]
        CHR Extension: (Bomomo) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dnalbhgkcocoepphagnnlaiomnnngeln [2015-06-06]
        CHR Extension: (Avira Browser Safety) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2008-12-31]
        CHR Extension: (Unlimited Free VPN - Hola) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2017-01-04]
        CHR Extension: (Pinterest Save Button) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2016-11-18]
        CHR Extension: (Windscribe - Free VPN and Ad Block) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hnmpcagpplmpfojmgmnngilcnanddlhb [2016-11-29]
        CHR Extension: (2048 Puzzle Game Offline) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfnbjbahocpfkbbadndnocljpjpccggf [2015-06-07]
        CHR Extension: (Purple flowers) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kgplpejojljhgndghinonhjpmbdmjamk [2015-06-06]
        CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
        CHR Extension: (Launch Readlang Web Reader) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\odpdkefpnfejbfnmdilmfhephfffmfoh [2016-11-25]
        CHR Extension: (Amazon Assistant for Chrome) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2016-05-19]
        CHR Profile: C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Profile 1 [2017-01-02]
        CHR Extension: (Google Презентации) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-18]
        CHR Extension: (Google Документи) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-18]
        CHR Extension: (Google Диск) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-18]
        CHR Extension: (YouTube) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-18]
        CHR Extension: (Електронни таблици от Google) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-18]
        CHR Extension: (Avira Browser Safety) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-08-18]
        CHR Extension: (Google Документи офлайн) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-18]
        CHR Extension: (Notificatoin) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\hmhfbmpdiffkamakhdbcgojfnbnlcenm [2016-08-18]
        CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-18]
        CHR Extension: (Gmail) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-18]
        CHR Profile: C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Profile 2 [2017-01-02]
        CHR Extension: (Google Презентации) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-18]
        CHR Extension: (Google Документи) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-18]
        CHR Extension: (Google Диск) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-18]
        CHR Extension: (YouTube) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-18]
        CHR Extension: (Електронни таблици от Google) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-18]
        CHR Extension: (Avira Browser Safety) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Profile 2\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-08-18]
        CHR Extension: (Google Документи офлайн) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-18]
        CHR Extension: (Unlimited Free VPN - Hola) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Profile 2\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2016-08-18]
        CHR Extension: (Notificatoin) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Profile 2\Extensions\hmhfbmpdiffkamakhdbcgojfnbnlcenm [2016-08-18]
        CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-18]
        CHR Extension: (Gmail) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-18]
        CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
        CHR HKLM\...\Chrome\Extension: [giacfgjdclhnmkacnfbaljbmpnelflol] - <no Path/update_url>
        CHR HKLM\...\Chrome\Extension: [hmhfbmpdiffkamakhdbcgojfnbnlcenm] - C:\ProgramData\Microsoft\Windows\DRM\Server\notificatoin_1.0.0.crx [2013-10-28]
        CHR HKLM\...\Chrome\Extension: [kiplfnciaokpcennlkldkdaeaaomamof] - <no Path/update_url>
        CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - <no Path/update_url>
        CHR HKLM\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASC_GhromePlugin.crx <not found>
        CHR HKLM\...\Chrome\Extension: [nkgfcicgjhneabbbfhddfcgifljdhhpl] - <no Path/update_url>
        CHR HKU\S-1-5-21-299502267-448539723-1801674531-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hmhfbmpdiffkamakhdbcgojfnbnlcenm] - C:\ProgramData\Microsoft\Windows\DRM\Server\notificatoin_1.0.0.crx [2013-10-28]
        StartMenuInternet: chrome.exe - C:\Program Files\Google\Chrome\Application\chrome.exe hxxp://www.mystartsearch.com/?type=sc&ts=1420177819&from=wpc&uid=HitachiXHDS721050CLA360_JP1532FR34Z7WK34Z7WKX
        StartMenuInternet: Google Chrome - Chrome.exe
        ==================== Services (Whitelisted) ====================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-12] (Microsoft Corporation)
        R2 AdvancedSystemCareService9; C:\Program Files\IObit\Advanced SystemCare\ASCService.exe [446240 2016-01-05] (IObit)
        S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [970632 2016-09-01] (Avira Operations GmbH & Co. KG)
        R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [470600 2016-09-01] (Avira Operations GmbH & Co. KG)
        R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [470600 2016-09-01] (Avira Operations GmbH & Co. KG)
        S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1253352 2016-09-01] (Avira Operations GmbH & Co. KG)
        R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [309384 2016-07-11] (Avira Operations GmbH & Co. KG)
        S3 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [437784 2016-03-11] (BlueStack Systems, Inc.)
        R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [417304 2016-03-11] (BlueStack Systems, Inc.)
        R2 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [880152 2016-03-11] (BlueStack Systems, Inc.)
        R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1034584 2015-06-18] (Disc Soft Ltd)
        R2 hddrsrv; C:\Program Files\HDD Regenerator\hrsrv.exe [82144 2013-05-08] ()
        U2 HiPatchService; C:\Program Files\Hi-Rez Studios\HiPatchService.exe [9728 2016-10-10] (Hi-Rez Studios) [File not signed]
        R2 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [1576736 2016-03-10] (IObit)
        S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2945312 2016-01-14] (IObit)
        R2 NwSapAgent; C:\WINDOWS\System32\ipxsap.dll [66560 2008-04-14] (Microsoft Corporation)
        S3 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
        S3 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
        S2 AdvancedSystemCareService8; C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe [X]
        S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.11.334\McCHSvc.exe" [X]
        ===================== Drivers (Whitelisted) ======================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2015-01-22] (Creative)
        R0 amdide; C:\WINDOWS\System32\DRIVERS\amdide.sys [11904 2016-12-26] (Advanced Micro Devices Inc.)
        R0 amdide1; C:\WINDOWS\system32\Drivers\amdide1.sys [9096 2009-09-13] (Advanced Micro Devices)
        R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [36864 2006-07-01] (Advanced Micro Devices)
        R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [115600 2016-07-28] (Avira Operations GmbH & Co. KG)
        R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [140272 2016-07-28] (Avira Operations GmbH & Co. KG)
        R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37896 2015-07-30] (Avira Operations GmbH & Co. KG)
        R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [140856 2016-03-11] (BlueStack Systems)
        S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
        S3 cpuz138; C:\Documents and Settings\Ali Baba\Local Settings\temp\cpuz138\cpuz138_x32.sys [27832 2017-01-01] (CPUID)
        R3 dtlitescsibus; C:\WINDOWS\System32\DRIVERS\dtlitescsibus.sys [25016 2015-06-20] (Disc Soft Ltd)
        R3 FileMonitor; C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [246464 2015-12-22] (IObit)
        S3 gdrv; C:\WINDOWS\gdrv.sys [16608 2013-07-05] (Windows (R) 2000 DDK provider)
        R3 hamachi; C:\WINDOWS\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
        R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO32.SYS [23840 2015-01-22] (REALiX(tm))
        S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2015-01-22] (Creative Technology Ltd.)
        S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
        R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-14] (Microsoft Corporation)
        R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2008-04-14] (Microsoft Corporation)
        R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2008-04-14] (Microsoft Corporation)
        R3 RegFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys [31776 2015-03-25] (IObit.com)
        R3 RTHDMIAzAudService; C:\WINDOWS\System32\drivers\RtKHDMI.sys [4125352 2015-01-22] (Realtek Semiconductor Corp.)
        R3 SNP2UVC; C:\WINDOWS\System32\DRIVERS\snp2uvc.sys [3566336 2016-12-26] ()
        R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [691696 2009-01-01] () [File not signed]
        S3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
        R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
        S3 UrlFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys [17360 2015-03-25] (IObit.com)
        S3 vmfilter303; C:\WINDOWS\System32\drivers\vmfilter303.sys [428160 2006-04-25] (Vimicro Corporation)
        R1 XQHDrv; C:\WINDOWS\System32\DRIVERS\XQHDrv.sys [203424 2015-09-08] (BigNox Corporation) [File not signed]
        S3 ZSMC303; C:\WINDOWS\System32\Drivers\usbVM303.sys [392122 2006-12-01] (Vimicro Corporation)
        U3 avigp4w9; C:\WINDOWS\system32\Drivers\avigp4w9.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
        S3 cpuz137; \??\C:\DOCUME~1\ALIBAB~1\LOCALS~1\Temp\cpuz137\cpuz137_x32.sys [X]
        S4 IntelIde; no ImagePath
        ==================== NetSvcs (Whitelisted) ===================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

        ==================== One Month Created files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2017-01-05 22:20 - 2017-01-05 22:21 - 00029394 _____ C:\Documents and Settings\Ali Baba\Desktop\FRST.txt
        2017-01-05 22:19 - 2017-01-05 22:20 - 00000000 ____D C:\FRST
        2017-01-05 22:18 - 2017-01-05 22:18 - 01760256 _____ (Farbar) C:\Documents and Settings\Ali Baba\Desktop\FRST.exe
        2017-01-05 21:58 - 2017-01-05 21:58 - 00000000 ___HD C:\WINDOWS\PIF
        2017-01-05 21:28 - 2017-01-05 21:28 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}
        2017-01-05 12:30 - 2017-01-05 21:36 - 00000000 ____D C:\Documents and Settings\Ali Baba\Application Data\SetMyHomePage
        2016-12-26 11:30 - 2016-12-26 11:30 - 03566336 _____ () C:\WINDOWS\system32\Drivers\snp2uvc.sys
        2016-12-26 11:30 - 2016-12-26 11:30 - 00662016 _____ (Sonix) C:\WINDOWS\vsnp2uvc.exe
        2016-12-26 11:30 - 2016-12-26 11:30 - 00306688 _____ (Sonix Technology Co., Ltd.) C:\WINDOWS\system32\vsnp2uvc.dll
        2016-12-26 11:30 - 2016-12-26 11:30 - 00196608 _____ ( ) C:\WINDOWS\system32\csnp2uvc.dll
        2016-12-26 11:30 - 2016-12-26 11:30 - 00028544 _____ C:\WINDOWS\system32\Drivers\sncduvc.sys
        2016-12-26 11:30 - 2016-12-26 11:30 - 00015497 _____ C:\WINDOWS\snp2uvc.ini
        2016-12-26 11:30 - 2016-12-26 11:30 - 00013021 _____ C:\WINDOWS\snp2uvc.src
        2016-12-26 11:29 - 2017-01-05 22:03 - 00000298 _____ C:\WINDOWS\Tasks\Driver Booster Scheduler.job
        2016-12-26 11:29 - 2016-12-26 11:33 - 00001893 _____ C:\Documents and Settings\All Users\Desktop\Driver Booster 4.lnk
        2016-12-26 11:29 - 2016-12-26 11:29 - 00000000 ____D C:\WINDOWS\IObit
        2016-12-26 11:29 - 2016-12-26 11:29 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Driver Booster 4
        2016-12-19 22:30 - 2016-12-19 22:30 - 00087026 _____ C:\Documents and Settings\Ali Baba\Desktop\1477266578-fe5df232cafa4c4e0f1a0294418e5660.jpg
        2016-12-19 22:30 - 2016-12-19 22:30 - 00068554 _____ C:\Documents and Settings\Ali Baba\Desktop\1477266612-549cfc258b5b09317e51edf0d640cf8d.jpeg
        2016-12-19 22:30 - 2016-12-19 22:30 - 00068155 _____ C:\Documents and Settings\Ali Baba\Desktop\1477266601-30e62fddc14c05988b44e7c02788e187.jpg
        2016-12-19 22:30 - 2016-12-19 22:30 - 00066893 _____ C:\Documents and Settings\Ali Baba\Desktop\1477266590-8cda81fc7ad906927144235dda5fdf15.jpg
        2016-12-19 22:29 - 2016-12-19 22:29 - 00089430 _____ C:\Documents and Settings\Ali Baba\Desktop\1477266566-18e2999891374a475d0687ca9f989d83.jpg
        2016-12-19 22:29 - 2016-12-19 22:29 - 00082971 _____ C:\Documents and Settings\Ali Baba\Desktop\1477266554-032b2cc936860b03048302d991c3498f.jpg
        2016-12-19 22:29 - 2016-12-19 22:29 - 00079254 _____ C:\Documents and Settings\Ali Baba\Desktop\1477266519-ea571676ce9b75b0730a5d56350ae93e.jpeg
        2016-12-19 22:29 - 2016-12-19 22:29 - 00072472 _____ C:\Documents and Settings\Ali Baba\Desktop\1477266531-799bad5a3b514f096e69bbc4a7896cd9.jpg
        2016-12-19 22:29 - 2016-12-19 22:29 - 00060565 _____ C:\Documents and Settings\Ali Baba\Desktop\1477266543-d0096ec6c83575373e3a21d129ff8fef.jpg
        2016-12-19 22:14 - 2016-12-19 22:15 - 00034635 _____ C:\Documents and Settings\Ali Baba\Desktop\1477266508-f3ccdd27d2000e3f9255a7e3e2c48800.jpg
        2016-12-19 22:06 - 2016-12-19 22:06 - 00190290 _____ C:\Documents and Settings\Ali Baba\Desktop\4-25.jpg
        2016-12-19 22:06 - 2016-12-19 22:06 - 00189717 _____ C:\Documents and Settings\Ali Baba\Desktop\3-30.jpg
        2016-12-19 22:06 - 2016-12-19 22:06 - 00174915 _____ C:\Documents and Settings\Ali Baba\Desktop\2-28.jpg
        2016-12-19 22:06 - 2016-12-19 22:06 - 00163735 _____ C:\Documents and Settings\Ali Baba\Desktop\1-37.jpg
        2016-12-14 00:26 - 2016-12-14 14:40 - 00000000 ____D C:\Program Files\Mozilla Firefox
        2016-12-12 15:48 - 2016-12-12 15:48 - 00000000 ____D C:\output
        ==================== One Month Modified files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        ==================== Files in the root of some directories =======
        2015-12-01 22:20 - 2015-12-01 22:20 - 0000022 _____ () C:\Program Files\MEGA-MASTERKEY.txt
        2013-07-07 22:53 - 2017-01-05 21:27 - 0186368 _____ () C:\Documents and Settings\Ali Baba\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
        2016-05-30 23:49 - 2014-10-16 01:55 - 0145792 _____ () C:\Documents and Settings\Ali Baba\Local Settings\Application Data\downloader.exe
        Some files in TEMP:
        ====================
        C:\Documents and Settings\Ali Baba\Local Settings\temp\avgnt.exe
        C:\Documents and Settings\Ali Baba\Local Settings\temp\KMP_4.1.5.3.exe

        ==================== Bamital & volsnap ======================
        (There is no automatic fix for files that do not pass verification.)
        C:\WINDOWS\explorer.exe => File is digitally signed
        C:\WINDOWS\system32\winlogon.exe => File is digitally signed
        C:\WINDOWS\system32\svchost.exe => File is digitally signed
        C:\WINDOWS\system32\services.exe => File is digitally signed
        C:\WINDOWS\system32\User32.dll => File is digitally signed
        C:\WINDOWS\system32\userinit.exe => File is digitally signed
        C:\WINDOWS\system32\rpcss.dll => File is digitally signed
        C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
        C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
        ==================== End of FRST.txt ============================
         
        Addition.txt
      • by Ivan Mirchev Nikolov
        Hello,
        For several months I have had a problem with pop-up ads like the ones in the images I am attaching. I tried to clean them with AVG and other antivirus programs, but it did not help. I have installed an ad blocker (Fair AdBlocker) in Google Chrome and that helps, but it is annoying to see dozens of ads constantly being blocked on some of the news sites.
        The strange thing is that I reinstalled Windows several times, formatting the partitions, and still nothing changed. The same ads appear the first time I go online.
        Spyhunt catches the following in the registry: hkcu\software\conduit\appPath. I clean it, but it appears again the next time I browse.
        Is there a solution that cleans it, or will I have to stick with the ad blocker?
        Thank you!
         


      • by Mr.n0b0dy
        Let me note that I first read this: Methods for detecting suspicious activity on the computer!
        After that I reviewed the traffic and the active ports, and also changed the DNS addresses, but did not notice anything unusual.
        I scanned with HitmanPro; it found nothing.
        I also scanned with MBAM (Threat Scan); it did not find any threats either.
        I do not think it is anything serious, but it would still be good for a specialist to look at the logs.
        Addition.txt